On Jul 2, 2009, at 6:25 PM, Derek J. Balling wrote: > We recently had a meeting between our data-center operations folks and > our bean-counters. The long and the short of it was, for companies > where they have SOX compliance to deal with, etc., etc., how granular > are other people getting on their asset tracking. > > For example,... > > - When you upgrade a server from 16GB to 32GB, does accounting get > notified that the valuation of the server has changed for depreciation > purposes? When you swap out the 146G hard drives for 300G hard > drives, is there any accounting controls you enforce for that type of > action? > > - Is there anyone who is ACTUALLY tracking their hard drives and > individual DIMMs through their enterprise, even if they were bought > separately later as an upgrade to an existing piece of hardware? > > - What do you do when you take that 16GB out of the server above and > toss it on a shelf as being obsolete? Does accounting ever know? or > care? > > - Do you bother to tell accounting when $VENDOR comes out and swaps > out a motherboard, changing the serial number of the hardware in the > process? (and yes, for some vendors, a replacement motherboard DOES > change the serial number). If you don't, doesn't that really hamper > the ability to audit the asset tracking when asset ID # N used to > belong to S/N XXXXXXX and now belongs to S/N YYYYYYY?
For the one employer that was bound to SOX compliance... no, to all of the above. Maybe we should have, but we never tracked components like that, and the SOX auditors never stated it as a requirement. We talked about setting up a CMDB that would track individual components to this level, but it was as a part of ITIL implementation, not SOX. > - Do you tell accounting when you ship hardware from one colo facility > to another? This we may have done, I don't fully recall, if by "hardware" you mean an entire box. -------------------------------------------------------------------- Leon Towns-von Stauber http://www.occam.com/leonvs/ "We have not come to save you, but you will not die in vain!" _______________________________________________ Discuss mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
