A personal shared folder a violation? 3183



  • I have a build server that builds for several projects. I shared a few folders on that machine. 1) a distribution folder for the builds, 2) a downloads folder that contains all the installers to recreate the build environments and 3) a development folder for the installers I’m developing. I share the dev folder so I don’t have to copy the file to a share then grab it from there on the test machine. My question is if sharing a folder is a SOX violation? I have an IT guy that is telling I can’t share any folders without going through the IT department. I worked for a company that was saying a lot of things were a violation but never a shared folder off a personal machine or a build server. It would be insane if this was a violation.
    Thanks in advance for any knowledge.
    jeff



  • Different companies have different policies as far as SOX goes. In general, there is nothing wrong with shared folders as long as access is restricted to those who need access. If access is to download or read a file, then it is difficult to see the harm in that. If shared access allows everyone to write to a file that should be secured, then that is an issue.
    Work with your team to understand why they think there is an issue. Once you have the Company position, talk with your auditors to see if they agree. Sometimes having the auditor tell others that they don’t have to be so locked down will convince management to ease up on things that they have too tight of control over.



  • I also agree with kymike’s good comments … Folder sharing can be done as long as only ‘the need to know’ individuals are properly defined and it does not compromise financial system controls. As he shared, hopefully you can work with the IT folks to alleviate concerns, and lock down resources appropriately. I’ve seen organizations take SOX standards like the SOX 404 IT compliancy controls beyond what is reasonable.


Log in to reply