I need to admit: I really love writing audits. It has a certain degree of scientific working to falsify statements. So I was recently confronted with the following quote from a responsible IT manager:
We are not concerned with security, but with liability. If Microsoft promises security, this is enough for us.
Well, unfortunately I did not attend a judicial exam but when I read the Microsoft EULA1 regarding risks and liability, I consider the circumstances slightly more differentiated:
DISCLAIMER OF WARRANTY. THE SOFTWARE IS LICENSED “AS IS.” YOU BEAR THE RISK OF USING IT. MICROSOFT GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS.
This limitation applies to (a) anything related to the software, services, content (including code) on third party Internet sites, or third party applications; and (b) claims for breach of contract, warranty, guarantee, or condition; strict liability, negligence, or other tort; or any other claim; in each case to the extent permitted by applicable law.
However, good luck!
P.S. Do you intend to introduce new software or to change your IT landscape?
As an independent and competent third party I am available for any type of IT audits.