[SASAG] IT auditing firm recommendations

tallpaul at speakeasy.org tallpaul at speakeasy.org
Thu Dec 6 09:33:21 PST 2007

We are going to do an IT audit for practices, management and strategic 
planning and possibly also disaster recovery. I'm pushing to make security 
a separate audit, but that might also be included if I don't get my way.
As I see it, DR could also be a separate audit.

Does anyone have any recommendations for local company or a national 
company with a local presence to do this? (ie: we'd rather not be flying 
people in to do this)

My personal (and managerial I suppose) concern is that we avoid conflict 
of interest here. For instance, I'm sure IBM would be happy to do such an 
audit but will then push their services & hardware. Essentially we'd be 
paying for a sales pitch which just doesn't sound like fun.

Separate recommendations for security-only audits would be a plus as we 
do plan on doing one.


More information about the Members mailing list