Reviews / Internal Audit

The data center and its security operations should be periodically reassessed for any changes which might impact security policies and procedures.

Changes proposed as a result of the review/internal/external audit should be reviewed and considered for implementation where feasible.

The review should be documented and signed off by the appropriate stakeholders.

Where feasible, reviews/internal audit should be conducted by individuals not directly involved in data center operations.