× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2007

RE: Separation of Duties...

Hi Vincent
I too used to work for a bank.
Now that I'm working for a manufacturer, Sarbanes-Oxley is a piece of cake
in comparison.
However, I'm surprised at what you have stated.
We were audited a minimum of twice a year. Like you, gaining access to the
Production system was harder than gaining access to Fort Knox. Unless there
was a problem, but you still needed EVERYONE John Hancock to c.y.a.
However, as far as development was concerned, we could trash that system
every which way you could think of, and then some.
ABSOLUTELY NO commands were inaccessible, as that may be the only secure
way of accomplishing something when it finally was placed into PRODUCTION.
Every single audit that we went through, ALWAYS resulted in top marks by
every single auditor, so may I suggest that you go back to the powers that
be and ask them to re-think what is accessible on the development system.

Good luck


Alan Shore

NBTY, Inc
(631) 244-2000 ext. 5019
AShore@xxxxxxxx
"If you're going through Hell, keep going" - Winston Churchill

midrange-l-bounces@xxxxxxxxxxxx wrote on 10/31/2007 03:37:35 PM:

Be thankful you don't work for a bank.

As a developer, I'm not allowed to even log on to the production system.
Except if there is a problem that Operation doesn't know how to solve.
Then I have to send an eMail justifying why I need access, how long do I
need it & what I'm going to do.

On the development system, I don't have access to dozens of commands
that could use in programming. I have to ask for permission to use FTP
commands with the usual why, when, how long etc.

Currently I have one form for a change request & one to promote the
changes. They want to optimize it to about 20 pages of forms. 18 pages
are for planning, approvals & sign offs.

For a simple query, it used to take me an hour or two. Now it is at
least 2-3 days & soon to be only once even other week.

More security changes are coming. Really Big Sigh! :(

\Vincent


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Don
Sent: Wednesday, October 31, 2007 3:09 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Separation of Duties...


Lemme guess, this auditor was trained at the only college that doesn't
teach
iSeries as part of their core IT and Management/finance/auditing
curriculum...OH, Wait...that's basically ALL of them... Gee...IBM...uh,
education, what a concept...

Once again, people bring to the work place what they learn in college...

Don't blame the auditor...IBM dropped the ball on education and he/she
never
probably had a chance to learn about iSeries...

Don in DC

==================================

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Ron Adams
Sent: Wednesday, October 31, 2007 11:38 AM
To: Midrange Systems Technical Discussion
Subject: Re: Separation of Duties...

DB2 for iSeries doesn't really require an "Admin" like a lot of other
databases do.

Sounds like the auditor is unfamiliar with the iSeries, and is using a
template to do your audit. I've been thru this with a few and had to
'splain to them how the iSeries works. Most of the time they claim
they understand and just go away.

--
Ron Adams
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.