Objective: To ensure that on-premises servers comply with enterprise standards and maintain the same level of security, operational integrity, and disaster readiness as servers migrated to Azure.
1. Operating System Compliance
- All on-prem servers must be running a supported operating system version.
- Regularly verify that the OS is updated with the latest security patches and vendor support requirements.
2. Patching and Update Management
- Apply critical patches and updates at least monthly to all on-prem servers.
- Ensure patch management processes align with enterprise standards and are validated by central IT teams.
3. Endpoint Detection and Response (EDR) Compliance – Microsoft Defender
- MS Defender EDR agents must be installed and configured on all compatible on-prem servers.
- Regularly check that MS Defender EDR agents are operational and reporting correctly to the central security platform.
4. Physical Security Requirements
- Servers must be housed in secure, access-controlled environments.
- Physical access to server rooms must be logged and limited to authorized personnel only.
5. Hardware Maintenance and Warranty
- Ensure server hardware is under a valid warranty or support contract.
- Conduct regular hardware health assessments and replace components nearing end of life.
6. Disaster Recovery and Business Continuity (DR/BC) Planning
- Maintain an updated DR/BC plan that meets the department’s requirements and aligns with the organization’s overall disaster recovery strategy.
- Test the DR/BC plan annually and document the results for compliance.
7. Monitoring and Incident Response
- Implement monitoring solutions to detect unusual behavior, performance issues, and potential security threats.
- SCCM agents must be installed and configured to report system health, patch status, and other monitoring metrics.
- On-prem servers must be included in the enterprise incident response plan and report to the centralized logging and monitoring systems.
8. Backup and Data Integrity
- Regular backups of critical data must be performed in line with enterprise policies.
- Ensure that backups are encrypted, validated, and stored securely, both on-site and off-site, if applicable.
9. Documentation and Reporting
- Maintain up-to-date documentation on server configurations, dependencies, and processes.
- Submit regular compliance reports to the central IT/security team to demonstrate adherence to these standards.
All exemptions are subject to annual review and must be renewed and approved by the central IT/security team.
Failure to meet these responsibilities may result in re-evaluation of the exemption status and potential migration to Azure.