Press Release


 ISACA Issues New Audit and Assurance Programs for Microsoft Platforms 

Rolling Meadows, IL, USA (24 April 2018) – Global technology association ISACA has released new audit/assurance programs for Microsoft® SQL Server 2016® and Microsoft® Exchange Server 2016 . These new audit programs focus on providing IT auditors with frameworks for assessing and preparing for potential risks in the updated versions of these popular platforms.

The Microsoft SQL Server 2016 Audit/Assurance Program addresses areas for IT auditors to consider as they assess deployments of Microsoft SQL Server 2016, an updated version of the operational database management system technology. Though Microsoft SQL Server is generally recognized throughout the industry for its operational maturity and new security features, vulnerabilities and potential issues related to sensitive and confidential data still exist that need to be anticipated and prevented, such as the potential for code injection by malicious actors. Microsoft SQL Server Database Audit/Assurance Program objectives include:

  • Limiting access to those who require it to perform position responsibilities
  • Supporting business objectives through remote access and emergency access while ensuring appropriate monitoring
  • Identifying and mitigating risk associated with third-party service providers
  • Ensuring that data confidentiality, integrity and availability (CIA) are not compromised, regardless of whether the SQL environment is physical or virtual

The Microsoft Exchange Server 2016 Audit/Assurance Program is tailored to the updated structure of Microsoft Exchange Server 2016, in which functionalities such as client access protocols, transport service, mailbox databases and unified messaging are distributed differently. Microsoft Exchange Server 2016 audits aim to achieve the following assurance goals related to security, availability and enterprise compliance:

  • Identifying and resolving issues associated with migration from earlier versions of Exchange
  • Optimizing security by supporting role-based access
  • Covering techniques for placing litigation holds on specified mailboxes in the event of litigation and court-mandated ediscovery
  • Complying with laws and standards such as the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS)
  • Supporting high availability where required for business objectives through the Exchange Server database availability group (DAG) design feature

“From ensuring that enterprises maintain productivity and reliable communication to addressing issues related to data protection that are increasingly relevant due to GDPR and data privacy initiatives, ISACA’s audit programs for Microsoft SQL Server 2016 and Microsoft Exchange Server 2016 provide the audit community with valuable tools for mitigating these risks,” said Robin Lyons, ISACA Technical Research Manager and Lead Developer for the audit/assurance programs.

ISACA audit programs have been developed and reviewed by audit/assurance professionals worldwide and are accompanied with an Excel spreadsheet, customizable for each individual assurance process environment. The Microsoft SQL Server 2016 Audit/Assurance Program is available for US $25 for members and US $50 for nonmembers, while the Microsoft Exchange Server 2016 Audit/Assurance Program is free to members and US $50 for nonmembers. For more information on ISACA’s audit and assurance programs, please visit


Nearing its 50th year, ISACA ( is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its 450,000 engaged professionals in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including 217 chapters worldwide and offices in both the United States and China.


Press Contacts:

Michelle Micor, +1.847.385.7217,
Kristen Kessinger, +1.847.660.5512,
Jay Schwab, +1.847.660.5693,