Greg, We had many areas. like 17 but some of those had several underneath. Backups, Offsite Computer room access Modems attached to 400 System values Job scheduler changes / documentation for adds / updates /deletes Job scheduler review if jobs failed during process Resolution log of these errors All kinds of user profiles audit. users with ALLOBJ / SECADM SECOFR authority users with default passwords Generic user ids 3rd party package userid command line access / 400 and mapics privileged acct users What mapics jobs user can run. (Like user that create P/O's can't do receiving.) lock down commands like wrkjobscde, upddta, pwrdwnsys etc lock down libraries so programmers can only access production env with read authority New user being added - documents and approvals documentation of deleted users Change Mgmt - documentation of production env changes / program / data / new development testing etc. Periodic review of controls. bi-weekly, monthly, semi - annual. Think that covers it. This is high level... Greg Wenzloff <GWenzloff@xxxxxxxxxxx> wrote: Thanks Ann and Pete! Pete - I would like to know about your SOX audit. I'm getting ready for my audit and there are way too many ways to get in hot water. Perhaps you could post on what they tested you on. There are probably others on this list in the same boat. Thanks, Greg _______________________________________________ This is the MAPICS ERP System Discussion (MAPICS-L) mailing list To post a message email: MAPICS-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/mapics-l or email: MAPICS-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/mapics-l.
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.