


Ron, you're being given incorrect information.

This isn't a SOX mandate.  SOX doesn't even explicitly mention change
management.  See
http://en.wikipedia.org/wiki/Information_technology_controls#The_Sarbanes-Oxley_Act
or any other source on the actual text of the act.

In a nutshell, all SOX says is that controls are in place to ensure the
confidentiality, integrity, and availability of data.

You're probably reacting to how either your employer or your auditors
are interpreting SOX.  Most if not all interpretations will include
common things like segregation of duties, BCDR, and change management.
Change management will pretty much always include documentation of the
change, including a test plan to verify the change was successful.
Nowhere does it specify that all groups and all locations have to sign
off on the test.  Nowhere does it specify that users and not IT have to
do the testing.

I'm sorry you're knee deep in this.  There's so much BS being tossed
around in the name of SOX and other compliance regulations.


Now then, to address the problem I have three suggestions:

1. Baseball bat, end user, kneecaps.  Not a good career move but you'll
enjoy it.
2. Evaluate the entered value.  When they enter 03/02/2007 calculate it
out to 0.000747 and use that as the quantity.  Hey, you're only giving
them what they asked for.
3. Do input validation against that - and all - fields.  That you're not
doing it already is a sign of a poorly written application.  Folks can
argue all they want but all input - user, file feed, etc. - should be
validated before it is accepted.




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
