This sample document contains two work programs that outline general steps organizations should take during a data center review audit to help determine whether information resources are protected against unauthorized access and environmental hazards.

​Sample steps in these programs include: ensure that vendor service personnel and visitors are supervised while in the data center; use a standard template to create the internal audit report, hold closing meetings with key management to review the internal audit report draft and findings, publish the final report; and obtain a list of individuals with access to the data center and test for reasonableness.