21 July, 2014
When it comes to passing a government audit, three things matter most: documentation, documentation, documentation.
At data centers, maintenance professionals are not only tasked with keeping power sources and equipment running 100% of the time, they must also keep records of every interaction with the company’s information systems and networks. A CMMS, like Bigfoot, plays an essential role in meeting that challenge, because auditors today demand a detailed picture of everything an enterprise does to maintain data security.
Things weren’t always this way.
Back in the early days of computing, maintenance teams protected data by securing the physical plant, making sure gigantic mainframes stayed cool and unauthorized intruders stayed out – so a paper trail of their work was often sufficient. But now – between e-commerce on the Internet and data storage on clouds – securing data requires a symbiotic relationship between maintenance and the IT department. Computer technicians may build powerful networks to make life easier for consumers and erect firewalls to make it harder for hackers. But those techs need the maintenance team to keep the electricity on and fire systems in working order to prevent sensitive data center equipment from going up in smoke. And every time IT crosses paths with maintenance, it must be documented.
To understand how preparing for audits has become a mandatory task for maintenance professionals at data centers, it is helpful to recognize how big an impact federal legislation has had on information technology. Perhaps the best example is the Sarbanes-Oxley Act (SOX), legislation passed by Congress in 2002 in the wake of corporate scandals involving companies such as Enron, WorldCom, and Tyco.
SOX requires all publicly-held companies to verify the effectiveness of their internal financial controls on a yearly basis, and to submit to an audit of those controls. On top of that, any changes to source data have to be documented, down to the day, time, and reason for the change plus information on who made any additions or deletions.
SOX rules to rein in Wall Street have trickled down to the maintenance team functions in a variety of ways. Documentation is required every time low-voltage maintenance professionals move, add, or change anything connected to a system or network that holds a company’s financial data. Facility managers must also adhere to SOX guidelines when engaged in bidding, contracting, and capital spending. And SOX auditors also ask maintenance teams to complete an extensive checklist of items affecting data center physical security.
Down to the Generators
For a large financial services company with data centers in two separate states, Bigfoot CMMS has made SOX compliance vastly simpler than when the maintenance team relied on spreadsheets.
A case in point: because data security must be maintained with an uninterrupted power supply (UPS), auditors wanted to know exactly what type of preventive maintenance (PMs) had been performed on the company’s power system in previous years and what was planned for the future. Using Bigfoot, the chief facilities engineer was able to call up quarterly reports showing all PMs performed during a certain time period as well as upcoming PMs on the horizon.
And those PMs could pinpoint work on specific equipment in specific buildings – an important capability because one SOX auditor drilled into the maintenance team’s data all the way down to the generators.
Sometimes, however, auditors may only require a snapshot of the maintenance team’s overall work. For instance, of 600 PM tasks, they may only want to see a sample of 20, or a checklist of PMs performed in a particular month.
Of course, the ability to use an ideal CMMS for tracking PMs and the maintenance history of enterprise assets helps maintenance teams to be more effective in their day-to-day work. And it also makes it easier for them to pass any audits with flying colors.