Software Version Compliance for SOX ??? 1948



  • Hi,
    Please somebody tell me if there is anything on Software version compliance in SOX?
    Example: Do any company to be with Windows Vista operating system (released to business use November 30, 2006) by a certain date to be SOX compliant? In other words, is it necsessary to get upgraded to latest (or latest -1) version of any software to be SOX compliant?
    Thanks,



  • The short answer is ‘no’. SOX or COBIT do not require you to operate on the most recent version of any software. Best practice would dictate that you are always operating on a supported software version, though.



  • Thanks kymike.



  • I also agree that it is not a SOX requirement. In fact, many Sox compliant companies still use Windows 2000, Office XP, NT 4, Windows 9x, etc.
    Still, it’s prudent for companies to try to stay near current software releases (maybe one release back), so they are compatible with their business partners and enjoy improved security. A company should only move to the very latest products if there are good tangible business benefits.



  • …a supported software version …
    Any ideas on the loss of XP? Just discovered yesterday, that VISTA and our ERP do not work/play well in all areas. Vendor (offshore) has no answers. and doesn’t beleiver they need SOX compliance.



  • …a supported software version …
    Any ideas on the loss of XP? Just discovered yesterday, that VISTA and our ERP do not work/play well in all areas. Vendor (offshore) has no answers. and doesn’t beleiver they need SOX compliance.
    XP isn’t going away for a while. Best practice would also have you testing your ERP and other application software with a new operating system prior to migrating. If it won’t work together, then you have a business decision to make.



  • Hi SSS and welcome to the forums 🙂
    I agree with kymike, as the SOX requirements for ERP are more about the financial controls for this integrated applications environment. There are no SOX requirements that ERP applications must standarize under a single operating system (or even the latest version of an OS like Vista). In fact many companies must support multiple versions of their operating systems (e.g., Vista, XP, 2000, Apple, Linux, etc).
    Some products may are not be ready for Vista and a company should perform application certification testing (esp. web apps running under IE 7), to ensure they will work properly.
    Enterprise resource planning definitions
    Please paste to browser and no www is needed
    en.wikipedia.org/wiki/Enterprise_resource_planning



  • XP isn’t going away for a while.
    But I hear from my IT people (who are closer to tech then me at this point) that MS is not planning to support XP. I’m not looking to move to VISTA, we have one PC and LAPTOP in development testing the applications, this the ‘tada’ ORION doesn’t work. Fine for me in the long haul, I can dump the ORION software product and move to Oracle e-business … six months ahead of time.
    In the interum, go plenty to sweat about, being we now are now under SOX reporting. Ah, the days before the IPO.
    TIA



  • From the MS website -
    XP Professional
    Mainstream support thru 4/14/2009
    Extended support thru 4/8/2014



  • Hi - Your IT department is correct in that XP will not be further enhanced for new functionality , etc. It’s actually a good thing to deploy the most current operating systems, but your company has time on it’s side also. Vista is so new (Jan 2007 release), that many companies haven’t even starting compatibility testing yet.
    Still, as kymike shares XP has at least a few more years of direct support by Microsoft (e.g., patched from a security perspective and most likely updated for new hardware device drivers). According to the latest life cycle documentation, it will be directly supported until 2009 with extended support (meaning you pay USDUSDUSD for patches) until 2014.
    Below is also a link that might help:
    Please paste to browser and add www
    microsoft.com/windows/lifecycle/default.mspx


Log in to reply