New Project And Change Control Security review/approval questions requested

[David Grisham <DGrisham () SALUD UNM EDU>]

I'm reworking the security approval of new projects & change control requests.  I'm trying to find a standard list of 
questions to ensure security concerns have been addressed.  We are a hospital (covered by HIPAA), our financials are 
held to (Sox) & Our Health Science Center falls under GLB.
 
Does anybody have a manageable list of security questions that can be used in a hospital enterprise IT environment?  I 
imagine a ISO 17799 would cover most everything.  Replies will be kept confidential unless specifically posted to the 
list

Cheers --grish
David D. Grisham, Ph.D.,  CISM, CHS, CHSP
Manager, IT Security,
UNM Hospitals, Information Technology
1650 University Blvd,  S.500, Albuquerque, NM 87102

Attachment: David_Grisham.vcf
Description: