Excerpt from: IT Compliance
|
 |
| October 16, 2007 | | User and program name are vital for an accurate SOX compliance solution | As part of a regular product management exercise of interviewing customers, I asked one of our customers using our SOX compliance solution the following question: Solidcore: “How would you react if we took away the username and program name from change events?”
Customer: “We typically use the user and program name to determine how to track down and analyze the change for our SOX compliance solution. Our typical follow-up is to identify a change and then follow-up to verify that an associated change ticket exists. We have hundreds of change and service requests going through our Remedy system on a weekly basis, so it becomes impossible to do anything meaningful with the data (i.e. when we have nothing but a file name to work with and a 90+% chance of sampling data that is really a ‘false positive’).”
There are two important aspects that can be highlighted in this customer's response:
1) Username and program name are two very important aspects of change and they can help you in find the needle in the haystack.
2) The Change management reconciliation is not useful unless these two dimensions are available in change events. Without these two dimensions, the change reconciliation will have lots of false positives and be inaccurate.
This customer is using S3 Control for SOX compliance and general ITIL process improvements. by
Rishi Bhargava, Product Management
Rishi@solidcore.com | | |
|
|
