
Control 7.11: Supporting Utilities


Summary

Equipment should be protected from power failures and other disruptions caused by failures in supporting utilities. These utilities include electricity, water supply, gas, telecommunications, and heating/ventilation systems; protecting them ensures continued operational availability.


Applicability

In-Scope: Mandatory for maintaining the availability of on-premises technical infrastructure. It prevents utility failures from causing system crashes, data corruption, or extended business downtime.

Out-of-Scope: Scope can be reduced only for organizations that are 100% cloud-based with no physical office infrastructure beyond standard end-user laptops.


Implementation Guidance

Microsoft 365 / Entra ID

  • Redundancy: Rely on the Microsoft Azure global infrastructure for core services, as their data centers feature Tier 4 utility redundancy that exceeds standard commercial office capabilities.

  • Monitoring: Utilize IoT sensors integrated with Azure Monitor to track the real-time status of Uninterruptible Power Supply (UPS) systems and server room environmental conditions.

  • Alerting: Configure Microsoft Teams notifications to immediately alert the technical operations team when a power failure occurs or an environmental threshold is breached in the office.


Evidence Checklist

  • Utility Risk Assessment: A document identifying critical utilities required for operations and the corresponding backup or redundancy sources.

  • Maintenance Logs: Records of regular inspections and tests for UPS batteries, backup generators, and HVAC systems.

  • Service Level Agreements (SLAs): Contracts with utility providers or building management specifying uptime guarantees and emergency response requirements.


Practical Audit Advice

Here are some questions the auditor might ask:

  • What is the maximum duration your UPS can support critical network equipment during a total utility power outage?

  • How often are the emergency power systems, such as generators and UPS units, tested under a simulated operational load?

  • Is there a single point of failure in your telecommunications infrastructure, such as primary and backup lines entering through the same physical conduit?

  • How are physical utility controls, such as circuit breakers and water valves, protected from unauthorized access or accidental interference?