Answer:
Excellent start! But don't forget about a system to approve changes to the system, retention as needed of the content and possible penetration testing in your IT audit. You will also want copies of SAS 70 audits on your provider and to ensure all vendor controls are in place.
First published on BankersOnline.com 11/3/03