Jim is right. Do not give (me) the auditor more info than was requested. I don't want more stinking paperwork to do than necessary.
Policies and Procedures need to be in writing and signed off by all the required upper level people specified in the P&P that state who is supposed to sign-off on what. All lists and reports must have a date and time printed on them and they must be within 24 hours of the audit. Don't give me last month's report. And if you do give me last month's report at least change the date and time printed on it some way! :)

In SOX audits, we didn't care about specifics. Do you have a P&P in place and are you following it to the letter?

If you insist on having 48 people in Domain and Enterprise admins, make a list of the users, delete them all for the audit and add them back in when I walk out the door! :)

If you have a P&P stating that ALL antivirus software must be updated, don't forget that most backup software has built-in AV capabilities and I have to ding you when Backup Exec AV hasn't been updated since it was installed 5 years ago.

Did I ever mention I hate doing these audits?

Webster

From: Jim Holmgren [mailto:[email protected]]
Subject: RE: Experience with doing IT Audits

BTDT too many times to count. For what it is worth, my advice when dealing with Auditors:

1) Only give the auditors what they ask for - do not volunteer any additional information. Most of the time, they just want to check the boxes and move on to the next person. You aren't doing yourself any favors by asking for more work.

2) Have written, approved policies and some way to prove that you follow them. Most of the time the guidelines do not get into specifics about the contents of the policies. They only say "you must have a retention policy and abide by it" - they generally don't say "you must keep emails for X days".
