14 Benchmarks

1. Computer Life Cycle

Every workstation and server that is used on a regular basis should be no more than 4 years old.  Every laptop computer that is used on a regular basis should be no more than 3 years old.

2. Operating Systems for Computers and Servers

All workstations, laptops and servers should be using current, trusted and business-grade operating systems that are regularly updated and administered. 

3. Appropriate Network Environment

Organizations with fewer than 10 computers in one office must, at a minimum, have a peer-to-peer network. Organizations with 10 or more computers in the office must utilize a client-server network.

4. Reliable Internet Connection

Organizations must have a reliable connection to the Internet with a responsive and dependable Internet Service Provider (ISP).

5. Firewall Protection

Organizations that have a persistent connection to the Internet must have a centralized, business-grade hardware or software-based firewall in place to protect against unauthorized access to internal resources.

6. Secure Wireless Networks

Organizations utilizing a wireless network must have an up-to-date and trusted security protocol implemented to limit access.

7. Backup and Recovery Process

Organizations must have adequate systems in place for proper backup and recovery of data.   

8. Malware Protection

Appropriate measures must be in place to protect all users from hostile, intrusive, or annoying software.  These include, but are not limited to, viruses, phishing, spyware and spam.

9. Secure Internet Browsing

All computers should be using current Internet browser software that has been patched to protect against pop-ups and other possible threats.

10. Data Security

Organizations must enforce the use of strong passwords, as well as implement security permissions for file and folder access and administrative oversight.

11. Documentation

Organizations must have, at a minimum, core documentation pertaining to technology and support, centrally available in both print and electronic form where it can readily be accessed.

12. Technology Support

Organizations must have access to a technology professional who routinely administers and supports the environment.

13. Physical Security

Physical access to computers, servers and networking equipment must be monitored and restricted to only those with proper authority. 

14. Power and Surge Protection

All computers must utilize proper surge protection; all servers must be connected to a managed power device.