HP3000-L Archives

August 2004, Week 4

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Andreas Schmidt <[log in to unmask]>
Reply To: Andreas Schmidt <[log in to unmask]>
Date: Wed, 25 Aug 2004 09:03:33 +0200

Folks,

sitting here in Germany, I have to "survive" a SOX-Audit for one of our
customers as well.

PWC didn't come with a TECHNICAL audit for MPE specifics - they don't know
anything about HP-MPE! For Unix (I'm a bit involved there as well) they have a
specific questionnaire, asking for dedicated processes, for example.
For MPE I was asked to complete a general questionnaire covering generic IT
rules / processes like Change Control, Backup, Recovery, User access.

In general, the keyword here is "evidence" - how do we ensure that controls
are effective, how do we monitor etc.

Because of company privacy I cannot give examples here.
But basically: don't hide anything! Make the auditors happy in hearing what
kind of controls you have - and how you ensure that they are effective -
log records, VEAUDIT report, ...

For example, OP in the production environment.
Do you know the people who have the password? Can you keep track of the
logons? Can only those people log on? If you answer questions like this
with YES, it's SOX compliant, I would say.
SOX is "only" a formalized audit to ensure IT operations basics, involving
a huge effort for proof/evidence.

Have a good day,
Best regards,
Andreas Schmidt
CSC Managed Services GmbH
Global Infrastructure Services, Global Processing Engineering Services
DuPont-Strasse 1, Room 1-346
D-61352 Bad Homburg
Germany
Phone: +49 (0) 6172 / 87-2117 Fax -2195   DUCOM x951-2117
eMail: [log in to unmask]
HP e3000 Intranet Information at http://web1.cscbhg.dupont.com/web/hp3000/
Unix Intranet Information at http://bhghpx12.bhg.dupont.com/

