Help Desk and Sarbanes-Oxley Compliance
The Sarbanes-Oxley Act of 2002 (SOX) came into existence to protect investors from financial wrongdoing by public corporations. It aims to increase the financial integrity, transparency, and reliability of corporate disclosures. The IT department has a major role to play by supporting accurate tracking and auditing of the processes regulated by the Act.
Issues that a service desk must address to aid with SOX compliance include –
1. Problem Management System – A problem management system identifies events that are not covered by a standard process, and it is expected to record and resolve these events quickly.
2. Problem Escalation – Problems are escalated according to a procedural definition of the type and priority of the problem. The procedure is also supposed to cover the staff responsible for resolution and the most effective means of resolution.
3. Problem Tracking and Audit Trail – Automatic documentation of problems to facilitate an audit trail that covers the initial raising of an issue, its cause analysis, and finally its resolution. The time and date stamps should be inviolable.
4. Emergency and Temporary Access Authorizations – Authorization for emergency and temporary access, with a standard for the procedures to be followed, the approval procedures and authorities listed, and the procedure for reverting to normal operations delineated.
5. Emergency Processing Priorities – Establishment, documentation, and approval of emergency processing priorities.
6. Configuration Recording – Procedures to ensure that the inventory recorded consists of only authorized items, both for acquisition and disposal.
7. Configuration Baseline – A baseline of configuration items against which comparisons can be made to keep track of items acquired or disposed of.
8. Status Accounting – A record of configuration items that also includes their histories.
9. Software Storage – A software storage library where all licensed software and software that is under development is stored and cataloged. Software storage should be different from development and production storage.
10. Software Accountability – Software accountability deals with the inventorying and licensing of software. Easy-to-follow audit trails of purchases and of program and version upgrades, with version numbers and date stamps, should be generated.