Because SharePoint Server 2007 will be hosting some of your most mission-critical and sensitive information, ensure that you have a strong change-control program in place for your servers. By controlling who can make administrative modifications to your system, you can maintain stability in your production environment and ensure that only authorized changes are made to your systems.
Pay attention to the Site Collection Use And Confirmation feature that allows SharePoint Server 2007 to automatically delete a site collection if site use is not confirmed by the site owners after a specified number of days. In many environments, automatic deletion of entire site collections is unacceptable. Factor into your policies the exact settings you want to have for this feature because an undesired configuration could result in the loss of a site collection.
This area actually touches a number of security policy areas, including backup and restore, information retention times, and change control. The topic is introduced here because the deletion of a site collection is significant, and the fact that this deletion can be automated makes this a more important consideration when you create your policies. Add to these considerations the fact that there is no method of archiving the site collection before it is deleted, and you'll quickly realize that controlling change management for this feature is rather important.
Considerations that will have particular interest to your SharePoint administrators include the following:
Formal change control procedure is required for all administrative changes.
System changes must be consistent with overall security architecture.
Training is required before authorization will be given to administrate a site, portal, or server.
Changes on supporting systems must be tested before introduction into production systems.
Automatic deletion of content is prohibited.
Automatic deletion of content is allowed only after content is backed up.