Guidelines for auditing include: obtaining management approval for access and scope of tests, limiting them as read-only documents, verifying security requirements for devices used to access systems, only permitting system file copies be available, formulating and agreeing to special requests, running tests outside business hours to minimize impact, and reviewing and recording all access.
Conformance1
Tools for conforming to standards, goals and processes
