Security policies

Collect information about your organization’s security policies, such as the following:

• Account password policies
  
  
• Account cycling policies
  
  
• Account rights policies
  
  
• Client and server lockdown policies (restrictions on disks and registry, services that are stopped, whether services use Domain Administrator accounts, and hidden shared folders that are removed)
  
  
• Auditing policies
  
  

Separation of or delegation of duties between IT divisions within the enterprise.

The degree to which users must retain control of clients, and any exceptions to such policies (such as servers, or computers used by programmers).

You should collect information about how security-related issues will be handled and supported, such as the following information:

• Sensitivity to security risks
  
  
• Importance of ease of administration
  
  
• Special needs you have for secure data access and transmission
  
  
• Service level agreements (SLAs) for applying security updates