☐ Has the physical environment been reviewed for security: access control, fire hazards, humidity and heat?
☐ Is the equipment marked with appropriate identification?
☐ Should the equipment be bolted down or locked in some way?
☐ Is there a maintenance contract on the equipment?
☐ Have the critical data and programs been identified, and are they being backed up on a regular cycle?
☐ Has the backup media been stored at a different site?
☐ Is the restore process planned and tested?
☐ Have alternative processing arrangements been made for data, programs or equipment that is temporarily unavailable?
☐ Is any sensitive data kept on the system, and are passwords needed?
☐ Are the passwords well constructed and well managed?
☐ Is the software on the system a legitimate copy with an appropriate license?
☐ Who has the right to add software to the system?
☐ Is there virus detection and prevention software on the system?
☐ Is software tested for viruses or other problems before being installed on the system?
☐ Is training necessary to use software and hardware properly?
☐ Are all the people who use a system well known?
☐ Are there risks of damage, loss, or exposure for which insurance might be considered?
  ☐ Loss of software and hardware through malicious or inadvertent destruction
  ☐ Loss of information, papers or files
  ☐ Vital records and program backups in case of destruction
  ☐ Disclosure and release of restricted information