BTDT too many times to count. For what it is worth, my advice when dealing with Auditors:
1) Only give the auditors what they ask for - do not volunteer any additional information. Most of the time, they just want to check the boxes and move on to the next person. You aren't doing yourself any favors by asking for more work.

2) Have written, approved policies and some way to prove that you follow them. Most of the time the guidelines do not get into specifics about the contents of the policies. They only say "you must have a retention policy and abide by it" - they generally don't say "you must keep emails for X days".

Jim

Jim Holmgren
Manager of Server Engineering
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com

From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Monday, December 20, 2010 9:22 AM
To: NT System Admin Issues
Subject: RE: Experience with doing IT Audits

+10,000,000,000,002

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, December 17, 2010 4:36 PM
To: NT System Admin Issues
Subject: RE: Experience with doing IT Audits

Likewise for PCI and NIST-800.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Carl Webster [mailto:carlwebs...@gmail.com]
Sent: Friday, December 17, 2010 4:39 PM
To: NT System Admin Issues
Subject: Re: Experience with doing IT Audits

I have done IT Audits for SOX Compliance. What would you like to know other than I hate, despise and detest doing them?

Webster

On Fri, Dec 17, 2010 at 3:24 PM, Juma, Lumumba <lcj...@icipe.org> wrote:

Hi All,

I need help from somebody who has been involved in doing IT audits for companies/organizations. We can communicate directly off the list.

Many thanks,
Juma.

~ Finally, powerful endpoint security that ISN'T a resource hog!
~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin