× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2004

RE: Sarbanes & Oxley

Ditto. SOX has required auditing of (among other things)
* ODBC access to AS/400 data files
* Authority to data and program objects (esp. *PUBLIC)
* FTP access to AS/400
* Monitoring "master file" changes (we use trigger programs, others may wish
to journal). Although the actual monitoring is perform by the functional
department, providing the capability is performed by IT.
* Data backup procedures
* General security including group membership, command line access, special
authorities, etc.
* Segregation of duties at IT level (programmers vs security vs operations)

And all this just for the AS/400 side; we have a similar list for the
network admin.

Those of us who use packaged vendor applications are in the process of
revising security and understanding application and object security. The
more well-known products (BPCS, MAPICS, Infinium, JDE) may have this worked
out for their customers. Smaller vendor packages are coming to realize that
they must accommodate for regulations and non-greenscreen activity.

Like I said before, SOX affects primarily financial systems, and the
accounting, purchasing, and finance departments get their share of procedure
audits. The auditors are also looking at the IT side to ensure only
authorized users can read and manipulate financial data.


Loyd Goodbar
Senior programmer/analyst
BorgWarner
E/TS Water Valley
662-473-5713

-----Original Message-----
From: Graap, Ken [mailto:keg@xxxxxxxxxxxxx] 
Sent: Monday, August 23, 2004 12:24
To: 'Midrange Systems Technical Discussion'
Subject: RE: Sarbanes & Oxley

I would have to agree with Carolyn.... SOX is a "technical issue" we have
been working on all year long! In fact, it is our #1 technical issue this
year!

Kenneth

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Burns, Carolyn
Sent: Monday, August 23, 2004 9:42 AM
To: Midrange Systems Technical Discussion
Subject: RE: Sarbanes & Oxley


This is a technical issue regarding documentation and gaps in systems.  If
your year end is prior to October 15th 2004 you do not have to be compliant
until your 2005 year end.  I have consultants who specialize in this area in
IT and have been working with it quite a bit.  Hope this helps.


Best Regards,
Carolyn 
Business Development Manager
MODIS IT
1230 Rosecrans Avenue Suite 425
Manhattan Beach, CA 90266
Telephone: 310-727-3272
Cellular Phone:  310-989-0481
Facsimile:  310/727-1920
carolyn.burns@xxxxxxxxxxx


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of David Gibbs
Sent: Monday, August 23, 2004 9:05 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Re: Sarbanes & Oxley


Doug Hart wrote:
> Does anyone know if there is a date when companies must be SOX compliant?

Folks:

SOX compliance is pretty much a non-technical topic ... could we move 
this thread over to MIDRANGE-NONTECH 
(http://lists.midrange.com/listinfo/midrange-nontech)?

Thanks!

david

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.