This is actually quite common. Depending upon how picky your
auditors are, I have clients that daily extract a report of active users
from their Security/3000 database and match that against an
extract from their payroll system. Any discrepancies are put
into another report and reviewed the following morning by the
Security department.
Such a setup (regardless of who actually does the review)
catches those people that are no longer with the company
quickly, and doesn't rely on their (prior) management to
get supporting paperwork to the appropriate individuals
in a timely fashion (which never seems to happen).
Not a very fancy method, but those are usually the best.
Regards,
Michael L Gueterman
Easy Does It Technologies
email: [log in to unmask]http://www.editcorp.com
voice: (509) 943-5108
fax: (509) 946-1170
--
----------
From: Gary Jackson[SMTP:[log in to unmask]]
Sent: Wednesday, March 12, 1997 4:15 PM
To: [log in to unmask]
Subject: [HP3000-L] HP3000 policy
Our auditors have dinged us for not having a written policy regarding the
3000 and its users. They want:
A formal procedure to notify th System Manager of terminated employees in
order to delete the former employee's computer access.
Does anyone have this sort of thing that they could share with us?
TIA
Gary
Gary Jackson
Nevada CSOS
(916) 478-6407 - voice
(916) 478-6410 - fax