Richard Chycoski wrote: > Our S-Ox auditors make extensive use of screenshots to document > compliance. The auditors aren't as interested about what goes on inside > as they are in the visible results, which in many cases means - what > showed up on the screen? >
One thing I have seen done, which I thought made sense, was an auditor standing over my shoulder asking me to display different configuration files, and asking to make screenshots as we went, and then at the end of the session, the auditor asked me to copy all the screenshots to a usb key. In all the audits I took part of, including some Sarbanes-Oxley compliance ones, I, as the system administrator, was always the one driving at the keyboard, and the auditors always trusted us on which machine did what. We could have gone to the QA box, or really to a completely different setup, and they wouldn't have known (I am assuming that some environments do thorough audits where no trust is put into anybody). -- Yves. http://www.sollers.ca/ _______________________________________________ Discuss mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
