Afya House Data Center Audit Report

Transcription

Afya House Data Center Audit Report
December 10, 2012

December 2012

Recommended Citation: Government of Kenya. 2013. Health Information Systems Stakeholder Coordination Strategy. Nairobi, Kenya: Ministry of Health, AfyaInfo Project.

AfyaInfo is a technical assistance program to support the Government of Kenya to strengthen their health information systems. The program is implemented by Abt Associates, Inc. in partnership with Training Resources Group, ICF International, the University of Oslo, Knowing Inc., the Kenya Medical Training College, and the University of Nairobi. It is funded by the United States Agency for International Development (USAID), under the AIDS Support and Technical Assistance Resources (AIDSTAR) Sector II IQC, contract number GHH-I-00-07-00064-00 AID-623-TO-11-00005, Kenya Health Information System.

DISCLAIMER: The author’s views expressed in this publication do not necessarily reflect the views of the United States Agency for International Development or the United States Government.

Table of Contents

Acknowledgement
List of Acronyms
Executive Summary
Background and Context
  Introduction
  Background
  Audit Objectives and Scope
Detailed Findings
  1. Hardware
     a. Servers
     b. Racks
     c. Cabling/Network
     d. Accessibility to back panels
     e. Any other related hardware/network equipment
  2. Power
     a. Availability
     b. Conditioning
     c. Redundancy
  3. Security
     a. Physical
     b. Logical
     c. Security Procedures
  4. Fire and Flood Prevention
     a. Fire Prevention
     b. Flood Prevention
  5. Environment
     a. Cooling
     b. Contamination
     c. Humidity
  6. Disaster Recovery & Business Continuity
     a. Disaster Recovery
     b. Business Continuity
  7. Policies and Procedures
  8. Service Level Agreements & Maintenance
  9. Personnel Competencies
  10. Infrastructure
  11. Scalability & Classification
  12. Systems/Data Center Support
Recommendations
  1. Structural
     a. Data Center Size
     b. Data Center Walls
     c. Data Center Floor
     d. Data Center Door
  2. Power
     a. Availability
     b. Conditioning
     c. Redundancy
  3. Network & Cabling
  4. Hardware
     a. Servers (Appendix B: 4 (a) Diagram)
     b. Racks
  5. Environment
     a. Cooling
     b. Contamination
     c. Humidity
  6. Security
     a. Physical
     b. Software
     c. CCTV
  7. Fire and Flood Prevention
     a. Fire Prevention
     b. Flood Prevention
  8. Disaster Recovery & Business Continuity
     a. Disaster Recovery
     b. Business Continuity
  9. Policies and Procedures
  10. Service Level Agreements & Maintenance
  11. Personnel Competencies
  12. Conclusion
APPENDIX A: FINDINGS
APPENDIX B: RECOMMENDATIONS
APPENDIX C: STANDARDS ACRONYMS

Acknowledgement

We, Light House Solutions, acknowledge with gratitude, the invaluable assistance and cooperation extended by the members of the ICT Team at the Ministries of Health and Medical Services who we interviewed during the conduct of this audit of the Data Center located in Afya House.

Sincere appreciation is also extended to the Afya Info Project Team as well for the valuable input and continued support that has contributed to the achievement of the audit results.

List of Acronyms

ACL: Access Control List
ANSI: American National Standards Institute
CCNA: Cisco Certified Network Associate
CCTV: Closed Circuit Television
CISSP: Certified Information Systems Security Professional
DHIS: District Health Information System
Div-HIS: Division of Health Information Systems
DNS: Domain Name Service
EIA: Electronic Industries Association
HIS: Health Information System
IBC: International Building Code
ISO: International Organization for Standardization
IIS: Microsoft Internet Information Server
IT: Information Technology
ICT: Information Communications Technology
ITIL: Information Technology Infrastructure Library
KPLC: Kenya Power and Lighting Company
KVA: Kilo Volt Ampere
KW: Kilowatts
LAN: Local Area Network
LAN/WAN: Local Area Network/Wide Area Network
LGF: Lower Ground Floor – MOH Afya House
MCITP: Microsoft Certified Information Technology Professional
MCSE: Microsoft Certified Systems Engineer
MoH: Ministries of Health
NAT: Network Address Translation
NOC: Network Operations Center
NVR: Network Video Recorder
NFPA: National Fire Protection Association
PMP: Project Management Professional
SLA: Service Level Agreement
Telcom: Telecommunications
TIA: Telecommunications Industry Association
UPS: Uninterruptible Power Supply
UTP: Untwisted Pair Cable
VLAN: Virtual Local Area Network
VMware: Not an abbreviation
VCP: VMware Certified Professional
VPN: Virtual Private Network

Executive Summary

Table 1: Executive Summary

Hardware
  Summary of Findings:
  - The servers are HP models that are primarily used in small and medium size organizations – not compatible for DHIS
  - Workspace provided around racks is insufficient
  - Cables are not labeled, making it hard to troubleshoot
  - No monitoring of network infrastructure
  Recommendations:
  - Install DHIS compatible servers
  - Increase Data Center floor space
  - Label network cables
  - Monitor network infrastructure

Power
  Summary of Findings:
  - Minimal labeling on the power distribution board
  - The 3 phase incoming power load is not balanced
  - Grounding at main distribution board is inadequate
  - UPSs only support the racks, not entire Data Center
  - No power backup is available for the Data Center
  Recommendations:
  - Correct labeling on power distribution board
  - Ensure adequate grounding
  - Install room UPS & generator for Data Center power backup

Security
  Summary of Findings:
  - Authentication systems & CCTV functional but not managed
  - Data Center door is located on public access corridor
  - Data Center back wall made of gypsum and glass: security risk and fire hazard
  - No firewall, proxy servers, user authentication, and intrusion detection systems are in place
  - Antivirus not centrally deployed and managed
  Recommendations:
  - Define policies & procedures for Data Center security management
  - Move Data Center door into a room as a security measure to control access
  - Rebuild gypsum wall with stone
  - Install firewall
  - Central antivirus management

Fire & Flood
  Summary of Findings:
  - Fire suppression system in place but not maintained
  - There are highly combustible materials at the back of the Data Center
  - The Data Center is located on the lower ground floor (LGF) and the drainage at the back is poor
  Recommendations:
  - Ensure Service Level Agreement (SLA) be put in place for fire suppression system
  - Remove highly combustible materials at the back of the Data Center
  - Improve the drainage at the back of the Data Center

Data Center Issues:
- Environment
- Disaster Recovery & Business Continuity
- Personnel Competencies

Summary of Findings:
- Cooling unit is functional but not maintained
- Dust and other kinds of contamination are present in the Data Center (does not meet ISO standard)
- Humidity higher than optimum level
- No data backup systems
- No data backup, disaster recovery and business continuity policies in place
- No service level agreements (SLAs) and/or maintenance schedules in place
- Data Center personnel inadequate in number and need Data Center operations capacity building

Infrastructure
S
