Dominic, SAS is rather expensive (licenses etc) at the BI/DI parts not something for being used at home privately for fun.
In the more serious approach you have to make a good job of it. There is lot of public info on that, I will give some:.
- Standard of Good Practice - Wikipedia, the free encyclopedia
- Category:Principle - OWASP
- Advanced Level Technical Test Analyst - ISTQB® International Software Testing Qualifications Board
- Information Technology Infrastructure Library - Wikipedia, the free encyclopedia (ITIL)
There is al lot more of it, think off NIST guidelines COBIT SOX-404 etc.
It some asthonishing (predicting the failures) but not surprising (the cheaper argument) that that many of those basics are often missing.
An installation should be stable and verified not being changed intended/unitended.
A configuration is exposed to be changen tested validated and planned to operations.
By this difference in that requirement it makes a lot of sense tho have them segregated.
---->-- ja karman --<-----