Security patrols might be required for data centers which are large in size and/or when a higher level of security is required. Policies and procedures need to be established which should include, but not be limited to:
- Description of route(s) to be taken with a preference for a variety of routes and patrol start times to avoid predictability.
- Checkpoints on each route, preferably via electronic systems. Electronic systems should be functionally secure (e.g. avoid QR code, barcode, etc.).
- Tests to be conducted (e.g. random door alarm test).
- Adoption of a call-home/heart-beat routine (where applicable).
- Timings/intervals with a preference for an ‘around-the-clock’ and taking into consideration office/out of office hours.
- Reporting/activation procedures for when a breach is detected.
The organization should consider having additional security checks which might be executed on a less frequent basis to verify specific security aspects (e.g. ventilation ducts, metal detectors, explosive sniffing devices, (computer room) cabinets).
