December 04, 2009, 3:35 PM — WHEN IS THE BEST TIME TO PERFORM A COMPREHENSIVE SECURITY AUDIT? Every four years. Companies should perform a very thorough IT audit every four years evaluating every system plus backup and restore, disaster recovery, and emergency procedures, says Michelle Johnston Sollicito, an e-business consultant and author. That in-depth audit should be followed by an update audit annually, which evaluates only new systems or those that have undergone significant changes, she says, and mission-critical systems with sensitive or financial information should also be audited annually. Reminder: However, many companies must follow the guidelines laid out by regulations such as Sarbanes Oxley that specify how often an audit should be performed, says Johnston Sollicito.
This is part of ITworld's "Best Time" series. See the full list of Best Times to do all sorts of technology-related things.