Shop floor users security policy 1160

  • We have shop floor workstations that run an access database to keep track of our production. Typically, most of these people have a high turn over ratio. I’m not sure how important security is on these workstations in that they have no access to company related financial information. We have hired independant Auditors, and each seem to have a different answer. My question is: do we need to implement security controls on shop floor production workstations and related user accounts? We currently have no password controls in that area. We have very strong password controls for management.

  • Does the Access database drive any information that makes it into your financial statements? If not, then you don’t need to be concerned from a SOX perspective. However, you should be concerned from a business management perspective if the database drives job scheduling, etc.

  • Directly or indirectly? Indirectly, yes. In that production does impacts the statements. If the figures are entered wrong then the statements in the end are wrong.

  • If you rely on the accuracy of the data coming out of those workstations, then you should have proper access controls in place (passwords, session timeouts, etc.). Absent good controls at the workstation level, you may be able to identify other controls that mitigate the risk of poor reporting via the workstations (inventory controls?).

Log in to reply