Documentation (Process Flows) 612



  • Can anyone share documentation (process flows) of User Access (Sec) for the following areas: Network, Servers, Databases?
    How detailed are the flows or can they stay at the process, high level?
    Any feedback you can provide will be greatly appreciated…
    Thanks,
    K.



  • Can anyone share documentation (process flows) of User Access (Sec) for the following areas: Network, Servers, Databases?
    How detailed are the flows or can they stay at the process, high level?
    Any feedback you can provide will be greatly appreciated…
    Thanks,
    K.
    It’s not absolutely necessary to prepare process flows for these activities as they can often be adequately captured in a system narrative. Where I’ve completed process flows they have tended to be high level and supported by narrative.



  • We are documenting our systems broken down into the categories of I-Series, X-Series, PC use, and a Common Environment.
    Most of our financial impacting systems run on the I-Series so we are identifying our risks and associated controls with this system under the categories of Program Development, Program Change, Computer Operations, and Access to Programs and Data.
    However, our X-Series does not host any applications at all. It is used to run our IP phone system, email, act as a backup server for PC users to store files. We are considering not even documenting the X-Series component as there are no related financial impacts with the X-Series.
    So my point is examine your servers/systems carefully as you may not even need to document them depending on their impact on the financials. We are hoping to get our X-Series requirements clarrified today. Will update.



  • What kind of files are stored on the X-Series
    Storage and backup are parts of CobiT



  • What kind of files are stored on the X-Series
    Storage and backup are parts of CobiT
    We’re not following CobiT. Our parent company in the UK (we’re in Canada) designed a normative model which is slightly different.
    The files stored on the X-Series as backup are MyDoc type files.
    We have, on the I-Series for example, a tape backup system using BRMS which we are documenting. The X-Series has a similar backup procedure but again, the X-Series has no financial impact on reporting. We won’t know now the status of documenting the X-Series until Monday.


Log in to reply