a) At the Primary Data Centre (PDC):
i. There was no business continuity and disaster recovery policy that would have provided for the management of the Data Centre among others, effectively aid 2019 Annual Report 252 the security of the GIFMIS data, information, and its ICT infrastructures.
ii. Entrance to critical data centre rooms such as the power and servers’ rooms had no biometric access.
iii. Out of the 29 Active registered users on the biometric entrance list, only 12 users were confirmed officers assigned to the PDC. The other 17 users could not be traced.
iv. The two (2) FM 200 fire extinguishers available have not been serviced since they were installed on 28 April, 2011. In same vein, there were no evidence that any fire drilling or testing of available fire service equipment has been carried out since inception. Moreover, none of the officers assigned to the data centre have been trained on firefighting and emergency techniques.
v. There were lots of combustible items (cartons and plastic ropes) littered around within the Data Centre (DC) that could easily intensify damages during a fire outbreak. vi. Though seven (7) Closed-Circuit Television (CCTV) cameras were installed in the DC, there was a blind spot in the power room that is not captured within the camera purview.
vii. The CCTV monitors were not up and showing on the big screen all through the period of audit, which indicates that the cameras may not be regularly monitored.
viii. The hot and cold aisles at the server room were not properly arranged; The front of some racks was directly facing the back (hot air outlet) of other racks, which indicates that the equipment may be consuming air below functional or manufacturer requirements, and ix. The two humid and water detectors which monitors the temperatures at the data centre have not been serviced since 2011.
b) At the Secondary Data Centre (SDC):
i. The SDC was located on the 1 floor and between administrative offices of the Federal Pay Office (FPO) in Gombe State. Sharing the same building with an administrative office is risky because of the high human traffic and activity going through the hallway.
ii. The SDC has been shut down for several months. Since shutdown with no power, the room temperature was extremely below required limits for electronic devices especially within the DC. Global standards for temperature within a DC are Temperature: 18-27°C (64-81°F). Maximum relative humidity: 60% Maximum dew point: 15°C (59°F).
iii. The main power supply for the whole building (Federal Pay Office) was faulty and not working.
iv. The two (2) FM 200 fire extinguishers and their nozzles have not been serviced since they were installed at the inception of the GIFMIS. Also, there was no evidence that fire drilling or testing of the fire equipment has been carried out. With this, it cannot be ascertained that the fire equipment’ would be effective in the event of fire outbreak.
v. No biometric access was activated for entry into any of the critical rooms of the data centre, only regular door keys and locks are used. vi. All four (4) CCTV cameras and monitor were not functional.
vii. The SDC walls and ceilings were soaked and crumbling due to water leakage within the office building. The walls were puffed out and some parts of the ceilings were already protruded downward and cracked
viii. The Data Centre was littered with combustible items (cartons and plastic ropes) which can easily intensify more damages if there is a fire outbreak.
The above anomalies were due to weak internal controls at the OAGF.