You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

SoX - Config changes and logs

Accepted answer
edited Jun 3, 2019 1:18PM in Financials – General 7 comments


SoX requirements Configuration changes and privileged user logging


We've been acquired by a US company, so we now have to comply with SoX. We've got a team of consultants who've identified some gaps in our controls, and some potential remediation, but the requirements are a bit woolly.

One gap references a review of all configuration changes being able to be tracked to our change management process - the part we don't have covered is the ability to extract a full population of configuration items/configuration changes. Our consultants also haven't defined what 'configuration changes' entails so struggling a bit here too! I was looking at using 'Manage Audit Policies', however have been told that this wont be an effective control due to users with privileged access having access to:

Howdy, Stranger!

Log In

To view full details, sign in.


Don't have an account? Click here to get started!