Andrew, it might be easier to enforce that with process rather than software. Make it a basic rule that one cannot approve one's own RFCs. The CAB can enforce it.
Rick On May 31, 2011 10:11 AM, "Andrew C Goodall" <ago...@jcpenney.com> wrote: > > > > > All, > > > > ITSM 7.5.01 > > > > The first step in our change approval process for normal changes will be > for the Assigned Group Change Approver to approve or reject the change > request during the review phase. > > > > Anyone with this functional role can also submit changes themselves to > their own support group and then subsequently approve their own change > request. > > > > Our auditing and IT risk management believes the tool should prevent > this out of the box, but it DOES NOT. > > > > Has anyone else come across this concern and developed a solution to > mitigate this risk? > > > > Regards, > > > > Andrew Goodall > > Software Engineer 2 | Development Services | jcpenney . www.jcp.com > <http://www.jcp.com/> > > > > </pre><font face="monospace"size="-3"><br>The information transmitted is intended only for the person or entity to which it is addressed and <br>may contain confidential and/or privileged material. If the reader of this message is not the intended<br>recipient, you are hereby notified that your access is unauthorized, and any review, dissemination,<br>distribution or copying of this message including any attachments is strictly prohibited. If you are not<br>the intended recipient, please contact the sender and delete the material from any computer.<br><pre> > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
