The data center and its security operations should be periodically reassessed for any changes which might impact security policies and procedures.
Changes proposed as a result of the review/internal/external audit should be reviewed and considered for implementation where feasible.
The review should be documented and signed off by the appropriate stakeholders.
Where feasible, reviews/internal audit should be conducted by individuals not directly involved in data center operations.
