| Identified all of the key players? | |
| Obtained management buy-in (at all levels)? | |
| Collected all applicable system and database information? | |
| Identified the specific types of accounts required for each systemboth operating system and database? | |
| Determined who will have authority to approve accounts? | |
| Determined who will create/delete/manage accounts? | |
| Determined a user tracking method and implementation? | |
| Decided how account approval will be performed: email, web site, hard-copy form, etc.? | |
| Identified all affected applications on each system? | |
| Identified a username and password structure? | |
| Determined what constitutes a security breach and the appropriate penalty for each breach? | |
| Identified all sensitive data on the system and created methods to protect that data? | |
| Determined what forms of monitoring will be used? | |
| Determined what forms of backup will be used? | |
| Created recovery procedures to be followed? | |
| Determined the required availability for the database? | |
| Established standards for views and roles? | |