last sync: 2024-Nov-25 18:54:24 UTC

Microsoft Managed Control 1396 - Controlled Maintenance | Regulatory Compliance - Maintenance

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1396 - Controlled Maintenance
Id 276af98f-4ff9-4e69-99fb-c9b2452fb85f
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Maintenance control
Additional metadata Name/Id: ACF1396 / Microsoft Managed Control 1396
Category: Maintenance
Title: Controlled Maintenance - Performing Maintenance
Ownership: Customer, Microsoft
Description: The organization: Schedules, performs, documents, and reviews records of maintenance and repairs on information system components in accordance with manufacturer or vendor specifications and/or organizational requirements;
Requirements: Microsoft has two types of assets that must be maintained: Critical Environment (CE) and Site Services: * Critical Environments is the team that provides operation and maintenance of electrical, mechanical, and physical systems that comprise the operating infrastructure of the facility. Examples include generators, UPS, Fire Detection and Suppression systems, and HVAC systems. * Site Services is the team that provides the servicing of Microsoft online services assets (i.e., physical servers, network devices, etc.) located at the datacenter. The Site Services team provides break/fix and deployment services based on the issuance of a work ticket. Azure captures maintenance records in the maintenance tracking tool for CE equipment and the workflow ticket tracking system for Site Services. The tool records the date and time of the maintenance, the name of the individual performing the maintenance along with details on the maintenance being performed, and any equipment being removed or replaced. If a particular maintenance activity required that someone be under escort in a restricted area, the name of the escort would be captured in the ticket. Critical Environment Equipment The Critical Environment (CE) team schedules, performs, documents, and reviews all maintenance activities performed on CE assets. Azure datacenters rely on a computerized maintenance management system to manage maintenance schedules and work order management. Microsoft Global Maintenance Standards which are a combination of OEM guidelines, NFPA708, IEEE, historical site data and expertise. Work orders are generated based on original equipment manufacturer (OEM) guidelines and assigned for completion. All maintenance work performed at an Azure datacenter must follow approved instructions captured in a Method of Procedure (MOP) document. A MOP must have datacenter management approval before work can begin. Completed MOPs are reviewed and receive datacenter management sign-off to indicate completion. Details of completed MOPs are stored in the appropriate workflow ticketing tool and then the work order is closed. The workflow ticketing tool is used to document and track all maintenance on CE equipment. CE maintenance activities also require peer reviews of the MOPs as a verification of completeness and quality assurance. The peer reviews verify that any required configurations or security settings are correctly in place before completion of the maintenance. During monthly review meetings with the CE team, Datacenter Management reviews and verifies all CE work that was completed in the previous month. Site Services The Site Services team provides a smart hands and break fix service for assets belonging to properties provisioning services from the datacenter. For example, Azure assets requiring physical maintenance could request smart hands service from the Site Services team. All Site Services work on Azure assets are scheduled, performed, documented, and reviewed in work tickets within the workflow ticketing tool. No work can occur without an approved work ticket. The Site Services team follows detailed procedure documents that define step by step instructions for specific service requests. As part of the procedure documents, one of the final steps is to perform a Quality Control check to ensure that all steps were completed and that required security settings are in place.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON
api-version=2021-06-01
EPAC