One of my clients outsources their Exchange needs to a larger IT firm. The IT firm recently changed the password expiration policy to 45 days. In a phone conversation with a representative of the IT firm, I was told that the policy change was implemented to "assure compliance with SAS 70." SAS 70 is the Statement on Auditing Standards No. 70: Service Organizations, issued by the American Institute of Certified Public Accountants (AICPA).
This got me thinking about the small networks that I oversee. SAS 70 is designed for companies like hosted data centers, application service providers, and managed security providers. It's not designed for small, 10-50 workstation office networks. There must be, however, standards that are in the spirit of SAS 70 that ARE designed for small office networks. I'm looking for standards that prescribe protocols for networks, network servers, and network workstations, covering things like network firewalls, WAP security, network remote access, server and workstation antivirus & anti-spyware, file server security, email server security, OS update policy (SUS), database security, backup policy...
Can someone point me to something?