Offsite Storage Location Audit

Plan to visit and inspect the storage facility using this list of questions as a guide. Some of the questions might not be applicable to the type of storage that you decide to use, but this list will help get you started.

Facility Issues
Is the structure built up to earthquake code/and or other construction standards? A combination of steel and concrete provides dual reinforcement. Is the facility far enough away from your location that a disaster is not likely to affect both you and it as well? Is the facility close enough to your location such that storage media retrieval can be carried out efficiently and effectively, within reason? Does the facility have adequate access roads, including alternate routing if necessary? Low-traffic and rural areas can be more secure. Does the facility have a backup power supply and insurance coverage? Does the facility have backup heating and air conditioning systems? Does the facility have adequate floor drainage and water detectors? Does the facility have an air filtration system? Is the facility safely distant from any environmentally unsafe or hazardous areas (e.g. flood zone, petroleum plant, train tracks)? Does the facility offer methods to adequately physically protect the privacy/security of your information? Does the facility have a minimum number of windows?

Yes

No

N/A

Media Handling Issues

Is the offsite facility aware of the proper techniques for the care and handling of the storage medium? Is the storage medium stored in protective casing? Are there unmarked bins/areas to store the media? The exact location of your stored contents should not be obvious to everyone. Is the facility free of magnetic fields?

Yes

No

N/A

Page 1 Info-Tech Research Group 2004

Is the temperature of the facility such that it wont expose stored contents to temperature extremes? Temperatures should ideally be maintained between 60 and 70 degrees Fahrenheit. Is the area free of high humidity levels? Ideal humidity levels are around 40-50 percent.

Security and DRP Issues

Is there 24-hour monitored security? Is there monitored entry to the facility and storage area? Is there a secure loading and unloading area? Do the authorization procedures for receipt/hand-off meet your requirements? Are security systems tested and serviced regularly? Is there an adequate smoke and fire detection systems in place? Is there a fire suppression system in place? Are smoke detection, fire detection, and fire suppression systems tested regularly? Is the fire alarm system activated when disrupted or tampered with?

Yes

No

N/A

Additional Issues
Are media transportation vehicles climate controlled, properly secured, and equipped with fire extinguishers? Do the media transportation vehicles undergo regular preventative maintenance? Are media transportation vehicles secured while at delivery and pickup sites, and do they contain two-way communication devices (pager, cellular phone)? Are proper shipping and receiving documents filled out, signed, and maintained? Are after-hours employees at the facility appropriately trained to handle client emergencies and requests? Does the facility deploy a comprehensive employee screening process, and are the employees required to sign a confidentiality agreement?
Page 2 Info-Tech Research Group

Yes

No

N/A

2004

Are employees and visitors to the facility required to use sign-in logs? Are facility drivers/employees provided with uniforms and proper ID tags? Does the facility store other items that are at high risk for theft (e.g. gold, jewelry, collectables)? Is the building marked so that its purpose cannot be readily identified? Are there any customized services offered, such as DRP consulting, cold-site services, or hot-site services? Does the service provider have a locator system that stores the records in a systematic manner? Does the service provider have an automated inventory control system? Are paper records stored separately from the magnetic media? This is important because paper records require special monitoring due flammability and different fire suppression systems. Does the service provider supply a regular report that documents all records currently stored at the facility? How does the reporting occur? Does the service provider contract include proper terms and conditions, and clearly state its responsibilities? Does the service provider offer a remote vaulting service that allows for daily computer backups to occur over a local or wide area network?

_____________________________________________________

Info-Tech Research Group tools and template documents are provided for the free and unrestricted use of subscribers to Info-Tech Research Group services. You can use this document either in whole, in part, or as a basis and guide for your own documents. To customize this document with your own corporate marks and titles, simply replace the Info-Tech Information in the Header and Footer fields of this document.

Page 3 Info-Tech Research Group 2004