I mentioned last week that SOX (Sarbanes-Oxley Act of 2002) is forcing companies to have better controls around their financial information reporting.
There is a set of best practices that help these companies become compliant by following a list of critical controls.
As these companies begin to tweak their current policies and procedures, a large repository of information is being created.
This compilation of best practices can be utilized by any IT shop (a single staff member or several people) and should be used by private companies as well.
One example of a common best practice is user administration. If you currently have a network established and need user accounts to gain access to information, you should be documenting each person's access to the system.
This can be accomplished by using a simple form that is filled out by the requesting party (manager, HR). The form would be a simple selection of the access needed and should be signed by the originator. Store these forms in a folder or binder so you can review user access every few months. You might be surprised at what you find if you do a simple review every once in a while. Users with inappropriate access are a big security concern.
Another practice that should be followed is documenting server or network troubleshooting.
I have walked into many businesses that were encountering server problems only to find that they had no idea what was changed and what steps had been taken to correct the problem.
For the smaller shops, this leads to wasted time and serious downtime. Make a simple paper log (or Excel file) and record any changes to the systems or troubleshooting measures taken. Be sure to document any resolutions to problems.
It's important for both the business leaders and technology professionals in your company (sometimes the same person!) to understand the security strategy and have a sound change management practice.
This doesn't have to be a monumental task to create; simply use good documentation about how you do things now and make sure others are aware of the procedures for keeping your infrastructure secure and in good working condition.
Run a search for technology best practices on the Internet and read about what other companies are doing. Whether you are a business with 1 PC or 1,000, everyone can gain efficiency by utilizing best practices.
Thursday, December 28, 2006