There is a problem with item 16. The db_dtsadmin from 2005 was replaced by db_ssisadmin in 2008. The problem dbas need to be aware of is that a member of db_ssisadmin has the ability to elevate themselves to the full sysadmin role. Not good. Instead, add the group or account to both the db_ssisltduser and db_ssisoperator roles. Strikes me as a pretty serious flaw which should be addressed by MS, but this behavior still exists in 2012 version.