HP3000-L Archives

March 1997, Week 2

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: HP3000 policy
From:
Michael L Gueterman <[log in to unmask]>
Reply To:
Michael L Gueterman <[log in to unmask]>
Date:
Wed, 12 Mar 1997 16:45:43 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (44 lines) 
This is actually quite common.  Depending upon how picky your
auditors are, I have clients that daily extract a report of active users
from their Security/3000 database and match that against an
extract from their payroll system.  Any discrepancies are put
into another report and reviewed the following morning by the
Security department.
  Such a setup (regardless of who actually does the review)
catches those people that are no longer with the company
quickly, and doesn't rely on their (prior) management to
get supporting paperwork to the appropriate individuals
in a timely fashion (which never seems to happen).
  Not a very fancy method, but those are usually the best.

Regards,
Michael L Gueterman
Easy Does It Technologies
email: [log in to unmask]
http://www.editcorp.com
voice: (509) 943-5108
fax:   (509) 946-1170
--


----------
From:  Gary Jackson[SMTP:[log in to unmask]]
Sent:  Wednesday, March 12, 1997 4:15 PM
To:  [log in to unmask]
Subject:  [HP3000-L] HP3000 policy

Our auditors have dinged us for not having a written policy regarding the
3000 and its users. They want:
A formal procedure to notify th System Manager of terminated employees in
order to delete the former employee's computer access.

Does anyone have this sort of thing that they could share with us?

TIA

Gary
Gary Jackson
Nevada CSOS
(916) 478-6407 - voice
(916) 478-6410 - fax

ATOM RSS1 RSS2