First off, by SAN, I am assuming that you mean the network that connects your disks to the servers, as well as the disk controller itself.
You have to start choosing your points by defining the goal of this procedure. If you’re mostly interested in stability, you would start with the points that have the potential to bring down the system. If it’s security you’re worried about, you would start with the systems that control access. I’ll line up a few for both categories to get you started
For stability, you should watch first and foremost the firmware levels and features on the disk controller and SAN switches. You should watch the port and LUN zoning, as well as the device and multi-path drivers installed on the hosts. You should watch the raid configuration, the disk configuration (including the ratio of hot spares), and the power/cooling chain. If any changes are made in any of these, they have the capacity to completely fail your environment.
For security, you should focus on LUN zoning, firmware levels on the controller and switches, as well as the user permissions and user creation on both the switches and disk controller. Also, if you can physically lock down unused ports on your fabric, you reduce the risk that someone will just plug in a foreign device and get at your data that way.
If you need more detail than this, I’ll need more details about what you’re trying to do and how you currently do business. Feel free to elaborate here or on my blog at http://opensystemsguy.wordpress.com/