Environmental monitoring + alerting
Description
What this control does
Environmental monitoring and alerting systems continuously collect and analyze physical and logical infrastructure telemetry to detect anomalous conditions that could indicate security incidents, operational failures, or infrastructure compromise. These systems measure temperature, humidity, power, physical access events, fire suppression status, and other environmental parameters in data centers, server rooms, and critical facilities, generating real-time alerts when thresholds are exceeded. Effective implementation prevents data loss from environmental failures, supports incident response, and provides forensic evidence for physical security investigations.
Control objective
What auditing this proves
Demonstrate that environmental monitoring systems are deployed across critical infrastructure locations, configured with appropriate thresholds and alert mechanisms, and actively maintained to detect and notify personnel of adverse environmental conditions in real time.
Associated risks
Risks this control addresses
- Undetected temperature or humidity excursions causing hardware failure and data loss without advance warning
- Water leaks from HVAC, plumbing, or fire suppression systems damaging equipment before personnel respond
- Power anomalies including voltage fluctuations or UPS failures degrading system availability without detection
- Unauthorized physical access to server rooms or equipment cages occurring without triggering alarms
- Fire or smoke conditions escalating due to delayed detection and notification of monitoring personnel
- Equipment theft or tampering going unnoticed due to absence of motion, door, or rack access sensors
- Environmental sensor failures creating blind spots that mask developing threats to infrastructure
Testing procedure
How an auditor verifies this control
- Obtain and review the inventory of all data centers, server rooms, telecommunications closets, and critical infrastructure locations requiring environmental monitoring.
- Collect configuration documentation for deployed environmental monitoring systems including sensor types, placement diagrams, monitored parameters, and alert thresholds.
- Verify that monitoring coverage includes temperature, humidity, water detection, power status, physical access controls, and fire/smoke detection for each critical location.
- Select a sample of environmental sensors and physically inspect their installation, operational status, and positioning relative to critical equipment.
- Review alerting configurations including notification recipients, escalation procedures, communication channels (email, SMS, SNMP traps, integration with SIEM), and redundancy mechanisms.
- Examine historical alert logs from the past 90 days to confirm sensors are generating alerts, personnel are responding, and thresholds trigger appropriately.
- Request evidence of alert testing procedures and review records demonstrating simulated or actual alert generation and successful notification delivery.
- Interview facilities and security operations personnel to confirm they understand monitoring responsibilities, alert response procedures, and escalation protocols.
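The coverage check and the 90-day alert log review from the procedure above can be scripted once the sensor inventory and alert history are exported. This is an added example, not part of the original control text; the record layouts, sensor names and the 30-minute acknowledgement limit are assumptions to be replaced with the organization's own export format and escalation procedure.

```python
from datetime import datetime as dt, timedelta

# Parameters the testing procedure expects at every critical location.
REQUIRED = {"temperature", "humidity", "water", "power", "access", "fire_smoke"}

# Constructed sample data; the record layouts are assumptions for this example.
SENSORS = [  # (location, sensor_id, parameter)
    ("dc1", "dc1-t1", "temperature"), ("dc1", "dc1-h1", "humidity"),
    ("dc1", "dc1-w1", "water"), ("dc1", "dc1-p1", "power"),
    ("dc1", "dc1-a1", "access"), ("dc1", "dc1-f1", "fire_smoke"),
    ("closet-3", "c3-t1", "temperature"), ("closet-3", "c3-a1", "access"),
]
ALERTS = [  # (sensor_id, raised_at, acknowledged_at or None)
    ("dc1-t1", dt(2024, 6, 1, 10, 0), dt(2024, 6, 1, 10, 12)),
    ("dc1-h1", dt(2024, 6, 3, 9, 0), dt(2024, 6, 3, 9, 5)),
    ("dc1-w1", dt(2024, 5, 20, 2, 0), None),                    # never acknowledged
    ("dc1-p1", dt(2024, 6, 10, 8, 0), dt(2024, 6, 10, 9, 30)),  # acknowledged late
    ("dc1-a1", dt(2024, 4, 15, 22, 0), dt(2024, 4, 15, 22, 10)),
    ("dc1-f1", dt(2024, 5, 2, 14, 0), dt(2024, 5, 2, 14, 3)),
    ("c3-t1", dt(2024, 1, 5, 11, 0), dt(2024, 1, 5, 11, 4)),    # outside the window
]
AS_OF = dt(2024, 6, 30)  # fixed audit date so the result is reproducible

def coverage_gaps(sensors):
    """Map each location to the required parameters it has no sensor for."""
    seen = {}
    for location, _sid, parameter in sensors:
        seen.setdefault(location, set()).add(parameter)
    return {loc: sorted(REQUIRED - params)
            for loc, params in seen.items() if REQUIRED - params}

def in_window(alerts, as_of, days=90):
    cutoff = as_of - timedelta(days=days)
    return [a for a in alerts if cutoff <= a[1] <= as_of]

def silent_sensors(sensors, alerts, as_of, days=90):
    """Sensors with no real or test alert in the window: possible blind spots."""
    active = {a[0] for a in in_window(alerts, as_of, days)}
    return sorted(sid for _loc, sid, _p in sensors if sid not in active)

def unhandled_alerts(alerts, as_of, days=90, max_ack=timedelta(minutes=30)):
    """Alerts never acknowledged, or acknowledged after max_ack (assumed limit)."""
    return sorted(a[0] for a in in_window(alerts, as_of, days)
                  if a[2] is None or a[2] - a[1] > max_ack)

if __name__ == "__main__":
    print(coverage_gaps(SENSORS))
    print(silent_sensors(SENSORS, ALERTS, AS_OF))
    print(unhandled_alerts(ALERTS, AS_OF))
```

A sensor listed as silent is not proof of failure; it is the sample to pull for physical inspection and alert testing records.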
Where this control is tested