Hi all, I'm looking for examples of SOX narratives for SEIM utilization. We have a new SEIM (McAfee Nitro) for monitoring our network. Since it also monitors our financial systems it is considered a key control, thus I need a narrative.
I'm really struggling with the contents of the narrative. If anyone has a narrative they are willing to share, I would love to have a reference. (I'm willing to sign an NDA if necessary). Alternatively, if any of you are or have been an auditor, what types of evidence would you be looking for? Thanks in advance for any help! Kevin
