OR-10 IT Operations & Resilience

Data-Centre Environmental Controls

Facilities are protected (or provider-attested).

Domain: IT Operations & Resilience
Control type: Preventive
Automated / manual: Hybrid
Frequency: Continuous
Framework reference: COBIT DSS01.04

What good looks like

Power/cooling/fire suppression maintained; for cloud, covered by provider SOC report.

Risk if it fails

Environmental failure causing outage.

How Tess tests it

2 tests — each concludes only on cited evidence.

Environmental controls/SOC reliance defined

Design

Procedure: Inspect the approach.
Expected: Documented.
Sample: 1 (design inspection)
Evidence: Maintenance logs, provider SOC report.

Maintenance records or provider SOC reviewed

Operating

Procedure: Inspect records/SOC.
Expected: Maintained or attested.
Sample: 25 (or full config inspection)
Evidence: Maintenance logs, provider SOC report.

Evidence Tess looks for

Maintenance logs, provider SOC report.

More in IT Operations & Resilience

OR-01 IT Governance & Oversight OR-02 IT & Information Security Policies OR-03 IT Risk Assessment OR-04 Asset & Configuration Management

Want Tess to test OR-10 against your evidence?