Data Center Audit


Quite Involved in Discussions
Hi :bigwave:
I was been assigned to audit our data center. What are the things that I need to check and verify compliance? :confused: Do I have to work on security? :frust: With regards to networking, can i audit the design of the LAN? :confused:

Thanks in advance.
Best regards,
Raffy :cool:
Elsmar Forum Sponsor
Hi Raffy,

There is a lot to dig in to: This is just what came to mind right away…

Doc requirements, and in particular control of records: Backup, Virus protection and firewalls, Access rules… 4.2. Security

Objectives. 5.4.1.

Who is responsible for the operation of systems and applications? 5.5.1.

Competence and training. 6.2.2.

Infrastructure. 6.3. Design of the LAN

Purchasing. (Software, hardware, services) 7.4.

Validation of applications they put together. 7.5.2.

Customers property (Mainly information) 7.5.4. Security

Monitoring of the systems. 8.2.3

Analysis of system performance, and actions taken as a result 8.4, 8.5.

Improvement 8.5.2.

I hope that'll keep you happy for a while?

Atul Khandekar said:

Does that include standard apps they buy?
Hi Atul,

Now there's a good question. If the application is part of your process and you can't verify the results later, I'd say yes... Didn't think about that.

You'll somehow have to make certain that the application interacts with the rest of the process in the intended way. It's no different from when you buy a machine and hook it up in a production line...

Other opinions?


Atul Khandekar

Thanx Claes.
A company may have any/all of the following:
- Number of MS Office and CAD installations
- Some ERP software such as SAP
- Company-wide intranet / Knowledge Management System / LotusNotes
- One or just a few seats each of many smaller software pakages (eg. Calibration Management System)
It would be a daunting task validating these things! How does one go about it?

Well Atul,

I'm skating on thin ice here. (Honestly, just trying to get a grip on this myself - please, someone grab me if I'm heading for open water).

In the examples you mentioned I'd think it's a simple (is it?) matter of installing the stuff and see if it works. Then, as long as nothing is altered I guess the validation would stay valid?

What I was thinking of was something like software for running production machinery or something similar... I suppose the only way to validate that would be to systematically put the relevant commands through it and see if you get the intended reaction in the other end.

More opinions anyone?


Vash Stampede

We'll I think I may add some audit stuffs that you might want to look at:
computer hardware inventory list?
multiple network interfaces in windows or in linux (as its operating system)?
disaster recovery plan? (as in how would they recovered lost files)



Quite Involved in Discussions
Hi Claes,
Thank you for adding up, its great to have your answers to the questions... :cool:
I had some follow-up questions:
Is a machine history needed for each workstations? How about an OCAP (Out-of-Control-Activity Plan)? Can I require them with using the clause under Continuous Improvement? How about FMEA?

Thanks and best regards,
Awwwww... :eek: (blushing). I bet you say that to all computer freaks ;) Thank's Raffy.

Just be sure to note that I'm thinking this through as I'm answering, thereby without a doubt missing things... I'll be using this stuff myself next time I audit our computer jockeys. A discussion here is good for the old creativity.


Machine history for each work station? I wouldn't know. That must depend on what your local procedures say.

OCAP? That could certainly fall under preventive action, and if you keep it updated, for instance by using FMEA it should prove useful for continual improvement too (You could improve what's possible to improve and stuff the impossible into the contingency plan.). As before it's down to what your procedures say, but losing your network even temporarily could be disastrous, so a contingency plan would be a good idea for anyone. I think it should fall under clause 4.2.

Thread starter Similar threads Forum Replies Date
A What are Practical data center best practices IEC 27001 - Information Security Management Systems (ISMS) 1
M Informational US – National Evaluation System for Health Technology Coordinating Center (NESTcc) Solicits Public Comments for Data Quality and Methods Frameworks Medical Device and FDA Regulations and Standards News 0
P Conference Table power-data center Lean in Manufacturing and Service Industries 2
Z Why Control Limits are not the same depending on type of exclusion of data points Using Minitab Software 7
D Question: How to analyze numerical and attribute data Reliability Analysis - Predictions, Testing and Standards 11
N Simple statistics questions on labor data Statistical Analysis Tools, Techniques and SPC 2
T Data verbiage Inspection, Prints (Drawings), Testing, Sampling and Related Topics 6
S QR/2D Codes & Data Strings Misc. Quality Assurance and Business Systems Related Topics 1
A Need to calculate tolerance Intervals with a set of non-normal data and 3-Parameter Weibull distribution Using Minitab Software 0
B GR&R Destructive Data Analysis Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 13
E Raw data retention for Diagnosis Results EU Medical Device Regulations 4
Y Exporting data to the cloud is a "Significant Change"? EU Medical Device Regulations 5
Z Data sheet from McMasterCarr enough for RoHS/REACH documentation? REACH and RoHS Conversations 4
S Eudamed data fields EU Medical Device Regulations 5
J Need Help with FPY Data in Assembly Process Manufacturing and Related Processes 7
Q AMS 2750 E or F Continuous Furnace TUS Data Collection AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
M Reduce occurrence rating based on the PMS data and customer complaint data ISO 14971 - Medical Device Risk Management 2
J Customer Complaint & SCAR, false data Nonconformance and Corrective Action 14
Brizilla Employee Data Privacy Policy - ISO 9001:2015 requirement(s)? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
D Safety data sheets software REACH and RoHS Conversations 3
M Data Protection and Privacy Policy - looking for a template/example EU Medical Device Regulations 1
S Non parametric test for semi-quantitative data. Statistical Analysis Tools, Techniques and SPC 5
M Disabling measurement data during fault conditions IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
C EU MDR - Annex II 6.1 Pre-clinical and clinical data EU Medical Device Regulations 4
P Ppk results shown as asterisk after the transformation of Non-normal data Using Minitab Software 4
lanley liao How to correctly understand the bullet list d) of 6.3 Analysis of Data for API Spec Q1 Oil and Gas Industry Standards and Regulations 7
Steve Prevette Informational I am presenting a webinar Thursday - "Data Driven Decision Making" - 19 November 2020 Statistical Analysis Tools, Techniques and SPC 5
qualprod Best practice to ensure inputting of data in production Lean in Manufacturing and Service Industries 19
D Preservation of Electronic Data / Information Technology ISO 13485:2016 - Medical Device Quality Management Systems 5
M Comparing data from destructive testing Inspection, Prints (Drawings), Testing, Sampling and Related Topics 7
DuncanGibbons Technical Data Package vs Digital Product Definition APQP and PPAP 0
Z Putting back excluded rows/data points in a control chart Using Minitab Software 0
F General Data Protection Regulation (GDRP) CE Marking (Conformité Européene) / CB Scheme 6
Z Minitab - Updating Graph with specific data points Using Minitab Software 2
E PEMS Hazards - IEC 60601 Clause 14.6 - Internal data use - Pressure sensor IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
K Transform variable data into attribute data Reliability Analysis - Predictions, Testing and Standards 24
R Clinical evaluation without clinical data - MDR Article 61(10) EU Medical Device Regulations 9
H Capability Data for Paint Thickness on Painted Parts Statistical Analysis Tools, Techniques and SPC 10
D BS EN 62304 - Medical-Relevant Data C.5 - Definition of IEC 62304 - Medical Device Software Life Cycle Processes 5
T Submitting MR Compatibility Data for 510(k) Cleared Device Other Medical Device and Orthopedic Related Topics 2
S Quality manager considering data science Quality Manager and Management Related Issues 19
U Do we need clinical trial data for Class IIa medical device under MDR EU Medical Device Regulations 7
S Average and standard deviation of Cumulative Data Statistical Analysis Tools, Techniques and SPC 5
V IS/ISO/IEC 17025:2017 Clause 7, sub clause 7.11 Control of data and information management ISO 17025 related Discussions 1
Watchcat CERs Literature Databases - Searching for data to evaluate EU Medical Device Regulations 16
D Transformation of Data Normality Failed Using Minitab Software 11
J Sample size for creating a data base as a reference to a tested variable Other Medical Device and Orthopedic Related Topics 6
M GUDID data deficiency communication - IS THIS A SCAM? ISO 13485:2016 - Medical Device Quality Management Systems 29
H Question about implications of performing Firmware upgrade via MDDS - Medical Device Data Systems 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
R Demonstrate how sufficient levels of access to data is achieved - Claims of equivalence EU Medical Device Regulations 3

Similar threads

Top Bottom