Server Room Access 945

  • We currently have a contractor who has full access to our server room and systems, do you think that is compliant with Sarbanes Oxley?

  • many folks can argue whether this is in the scope of sox or not…
    assuming you consider it in scope for sox IT general controls then it depends on many things…and will require you to ask more questions (may even require you to document)
    what does your policy/procedure say?
    what controls do you have in place?
    does the contractor have more access than is necessary to perform their job?
    does the contractor need full access to perform their job function?
    are there any controls to monitor and review the work of the contractor?
    unfortunately, there not just one answer to your question.

  • Thanks so much, i’m going to look into some of those questions.

Log in to reply