Pau Lo

<div>
Make sure that security is part of your requirements and that the software will not be considered passed/accepted until those requirements are met. Make sure your security requirements are written clearly. Use a checklist to evaluate your security requirements.<br />
<br />
See ISACA's Audit Programs here <a href="https://www.isaca.org/Knowledge-Center/Research/Pages/Audit-Assurance-Programs.aspx" rel="ugc">https://www.isaca.org/Knowledge-Center/Research/Pages/Audit-Assurance-Programs.aspx</a>
</div>


Make sure that security is part of your requirements and that the software will not be considered passed/accepted until those requirements are met. Make sure your security requirements are written clearly. Use a checklist to evaluate your security requirements.

See ISACA's Audit Programs here https://www.isaca.org/Knowledge-Center/Research/Pages/Audit-Assurance-Programs.aspx [https://www.isaca.org/Knowledge-Center/Research/Pages/Audit-Assurance-Programs.aspx]

<div>
<div class="content wysiwyg-content">
what areas could/should be included in the scope of an audit/healthcheck (call it what you like) of a document management system like SharePoint, above and beyond the obvious, ensuring any confidential/sensitive documents are only accessible to authorised users/groups.
</div>
</div>


what areas could/should be included in the scope of an audit/healthcheck (call it what you like) of a document management system like SharePoint, above and beyond the obvious, ensuring any confidential/sensitive documents are only accessible to authorised users/groups.

DMS audit scope (SharePoint or similar)

A Document Management System (DMS) is a system (both hardware and software) used to track, manage and store documents and reduce paper. Most are capable of keeping a record of the various versions created and modified by different users (history tracking). It is often viewed as a component of enterprise content management (ECM) systems and related to digital asset management, document imaging, workflow systems and records management systems.

Document Management

Software is any set of instructions that directs a computer to perform specific tasks or operations. Computer software consists of programs, libraries and related non-executable data (such as documentation). Computer software is non-tangible, contrasted with computer hardware, which is the physical component of computers. Software written in a machine language is known as "machine code". However, in practice, software is usually written in high-level programming languages than machine language. High-level languages are translated into machine language using a compiler or interpreter or a combination of the two.

Software

Microsoft Sharepoint is a software platform and family of software products used for collaboration and web publishing combined. These capabilities include developing web sites, portals, intranets, content management systems, search engines, wikis, blogs, and other tools for business intelligence and collaboration. SharePoint has a Microsoft Office-like interface, and it is closely integrated with the Office suite.