How to Audit ISO 27001 Control 8.14: Redundancy of Information Processing Facilities

Auditing ISO 27001 Annex A 8.14, Redundancy of Information Processing Facilities, is the technical verification of system availability and resilience protocols. The primary implementation requirement is architectural hardening to eliminate single points of failure; the business benefit is continuous operational uptime and disaster resilience.

ISO 27001 Annex A 8.14 Redundancy of Information Processing Facilities Audit Checklist

This checklist provides a binary validation framework to establish the availability and resilience of critical IT infrastructure. Use this checklist to validate compliance with ISO 27001 Annex A 8.14.

1. Redundancy Requirements Definition Verified

Verification Criteria: Business requirements for the availability of information systems are formally documented, identifying specific redundancy levels for critical assets.

Required Evidence: Business Impact Analysis (BIA) or Service Level Agreements (SLAs) specifying uptime requirements.

Pass/Fail Test: If the organisation cannot identify which facilities require redundancy based on a formal risk or impact assessment, mark as Non-Compliant.

2. Single Points of Failure (SPOF) Analysis Confirmed

Verification Criteria: A technical review of the architecture has been conducted to identify and mitigate single points of failure in hardware, software, and utilities.

Required Evidence: Network topology diagrams and infrastructure maps showing redundant paths and failover mechanisms.

Pass/Fail Test: If a single hardware failure (e.g. a lone edge router or power feed) can cause a total system outage for a critical service, mark as Non-Compliant.

3. Dual Power Supply and UPS Integrity Validated

Verification Criteria: Critical equipment is supported by redundant power feeds, including Uninterruptible Power Supplies (UPS) and secondary generators.

Required Evidence: Physical inspection or data centre maintenance logs confirming dual power distribution units (PDUs) and UPS load-test certificates.

Pass/Fail Test: If critical servers are connected to a single PDU or if the UPS fails a simulated load-transfer test, mark as Non-Compliant.

4. Network Path Diversity Verified

Verification Criteria: Redundant telecommunications and network paths are utilised, entering the building at geographically diverse points to prevent accidental severance.

Required Evidence: ISP contracts and site drawings showing diverse entry points (e.g. North and South building entries).

Pass/Fail Test: If redundant network lines share the same physical conduit or entry point into the facility, mark as Non-Compliant.

5. High Availability (HA) Cluster Functionality Confirmed

Verification Criteria: Server and database environments are configured in High Availability clusters (Active/Active or Active/Passive) with automated failover triggers.

Required Evidence: Cluster heartbeat logs and failover configuration settings in the hypervisor or cloud console.

Pass/Fail Test: If failover between redundant nodes requires manual intervention and exceeds the RTO specified in the BIA, mark as Non-Compliant.

6. Cloud Availability Zone (AZ) Distribution Validated

Verification Criteria: For cloud-hosted services, instances and data are distributed across multiple Availability Zones to protect against regional data centre failures.

Required Evidence: Cloud console configuration (e.g. AWS/Azure/GCP) showing resource deployment across at least two distinct zones.

Pass/Fail Test: If all cloud production resources reside in a single Availability Zone without a cross-region backup or failover, mark as Non-Compliant.

7. Redundant Component Maintenance Records Present

Verification Criteria: Secondary and redundant components undergo regular maintenance and testing to ensure they remain operational when needed.

Required Evidence: Preventive Maintenance (PM) logs for backup generators, secondary cooling units, and failover switches.

Pass/Fail Test: If the primary system is maintained but the redundant system has no service history for the last 12 months, mark as Non-Compliant.

8. Environmental Control Redundancy Confirmed

Verification Criteria: Cooling and HVAC systems are designed with N+1 or 2N redundancy to maintain temperature even during a unit failure.

Required Evidence: Physical sighting of redundant HVAC units and historic temperature logs showing stability during maintenance windows.

Pass/Fail Test: If a single cooling unit failure results in a server room temperature exceeding manufacturer thresholds, mark as Non-Compliant.

9. Failover Drill and Testing Evidence Verified

Verification Criteria: Regular testing of the failover mechanisms is conducted to ensure that the redundant systems activate correctly under load.

Required Evidence: Post-test reports from “Scenario-based Failover Drills” or recent disaster recovery (DR) test results.

Pass/Fail Test: If the organisation claims redundancy but cannot provide a report of a successful failover test within the current audit year, mark as Non-Compliant.

10. Management Review of Redundancy Metrics Recorded

Verification Criteria: Management reviews the adequacy of redundancy measures against changing business needs and incident history.

Required Evidence: Management Review Meeting (MRM) minutes showing discussions on availability trends and infrastructure investments.

Pass/Fail Test: If recurring availability incidents occur but there is no evidence of management reviewing redundancy gaps, mark as Non-Compliant.

ISO 27001 Annex A 8.14 SaaS / GRC Platform Failure Checklist

Control Requirement: SPOF Identification
The ‘Checkbox Compliance’ Trap: Tool checks if “Redundancy” is marked ‘Yes’ in an asset list.
The Reality Check: Review the Topology. GRC tools cannot see if a ‘redundant’ server is plugged into the same faulty switch.

Control Requirement: Failover Testing
The ‘Checkbox Compliance’ Trap: Uploading a policy stating that “testing is required.”
The Reality Check: Examine the Test Log. A policy is intent; an auditor needs a timestamped log of a successful failover event.

Control Requirement: Cloud Multi-AZ
The ‘Checkbox Compliance’ Trap: Assuming the Cloud Provider handles all redundancy.
The Reality Check: Verify Config. If the user didn’t check the “Multi-AZ” box during deployment, the cloud is as vulnerable as on-prem.

Control Requirement: Utility Redundancy
The ‘Checkbox Compliance’ Trap: GRC tool identifies “UPS” as a managed asset.
The Reality Check: Load Testing. If the UPS batteries haven’t been tested under load, the GRC status is a false positive.

Control Requirement: Path Diversity
The ‘Checkbox Compliance’ Trap: Recording that “two ISPs” are on contract.
The Reality Check: Inspect the Trench. GRC tools don’t know both ISPs enter the building through the same hole.

Control Requirement: Maintenance
The ‘Checkbox Compliance’ Trap: Marking maintenance as ‘Done’ in a task list.
The Reality Check: Review Service Reports. GRC tasks are often ticked off by admins without a physical service occurring.

Control Requirement: RTO/RPO Alignment
The ‘Checkbox Compliance’ Trap: Claiming “High Availability” covers all bases.
The Reality Check: Check incident logs. If a failover took 4 hours but the RTO is 15 minutes, the ‘redundancy’ failed.
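
The pass/fail tests for checklist items 5, 6 and 9 can be run mechanically over exported evidence rather than read off a GRC status field. The sketch below is an added example, not part of the original checklist: the service names, zones, dates and record layouts are constructed, and it assumes each test is applied per service and that the "audit year" is a calendar year.

```python
from datetime import date, timedelta

# Constructed evidence standing in for BIA, cloud console and test-log exports.
RTO = {"billing-db": timedelta(minutes=15), "web": timedelta(hours=1)}
INVENTORY = [  # (service, availability zone, cross-region backup or failover)
    ("billing-db", "zone-a", False), ("billing-db", "zone-a", False),
    ("web", "zone-a", False), ("web", "zone-b", False),
]
FAILOVER_TESTS = [  # (service, date, duration, manual intervention, succeeded)
    ("billing-db", date(2024, 3, 2), timedelta(hours=4), True, True),
    ("web", date(2023, 11, 20), timedelta(minutes=5), False, True),
]
FAIL, PASS = "Non-Compliant", "Compliant"

def check_az_distribution(inventory):
    """Item 6: fail a service held in one AZ with no cross-region cover."""
    zones, covered = {}, {}
    for service, zone, cross_region in inventory:
        zones.setdefault(service, set()).add(zone)
        covered[service] = covered.get(service, False) or cross_region
    return {s: FAIL if len(z) < 2 and not covered[s] else PASS
            for s, z in zones.items()}

def check_failover_rto(tests, rto):
    """Item 5: fail when a failover was manual AND took longer than the RTO."""
    result = {}
    for service, _day, duration, manual, _ok in tests:
        breach = manual and duration > rto[service]
        if breach or service not in result:
            result[service] = FAIL if breach else PASS
    return result

def check_test_in_audit_year(tests, services, audit_year):
    """Item 9: fail a service with no successful failover test in the year."""
    tested = {s for s, day, _d, _m, ok in tests if ok and day.year == audit_year}
    return {s: PASS if s in tested else FAIL for s in services}

if __name__ == "__main__":
    checks = {
        "6 AZ distribution": check_az_distribution(INVENTORY),
        "5 HA failover vs RTO": check_failover_rto(FAILOVER_TESTS, RTO),
        "9 failover test evidence": check_test_in_audit_year(FAILOVER_TESTS, RTO, 2024),
    }
    for item, verdicts in checks.items():
        for service, verdict in sorted(verdicts.items()):
            print(f"{item:26} {service:12} {verdict}")
```

The constructed billing-db record mirrors the 4-hour failover against a 15-minute RTO from the RTO/RPO Alignment entry above.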

About the author

Stuart Barker

Stuart Barker is a veteran practitioner with over 30 years of experience in systems security and risk management. Holding an MSc in Software and Systems Security, he combines academic rigor with extensive operational experience, including a decade leading Data Governance for General Electric (GE).

As a qualified ISO 27001 Lead Auditor, Stuart possesses distinct insight into the specific evidence standards required by certification bodies. His toolkits represent an auditor-verified methodology designed to minimise operational friction while guaranteeing compliance.