I was wondering what sort of internal controls / web migration policies you use in your org to satisfy auditors.
Currently, external auditors mandate that someone other than the programmer who built the application migrate it, and that programmers as a unit are not to have access to the production environment. With all of the configuration and system testing that a migration entails (and not just a copy/paste of files) and the issues that arise as a result, this is an unrealistic "recommendation."
The policy that we would like to implement entails something much simpler. In addition to a signed migration form by management prior to the programmer migrating, we are considering a supplemental control that would scan the files on the production server for any date/file size changes, and generate a daily report of those changes to those files, which would then be matched up with any migration forms. Though there are some flaws with this plan, it would probably get the blessing from the auditors. Does anyone know of such a utility? Does Windows have something out of the box?
So please let me know what your internal controls are if you think they'd help us out. Thanks in advance!
Sincerely,
Andrew
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
