Question about updating software runtimes



  • Hello …
    I work for a software development company … one of my larger clients advises he cannot install an updated version of my software (that is a bug fix for him) because of the SO act.
    Does someone know or can you point me to documentation on software updates and SO? Is he correct - you can’t install software updates? When are you allowed to install updates?
    Or does he just not want to install updates?



  • It may be his company’s policy that no applications or files may be installed unless done so by IT with proper approval. Is it possible that this is the case?
    There is no specific guideline in SOX that says, ‘No application fixes permitted under penalty of…’
    More and more often it seems companies are using SOX as an excuse to not do something they don’t want to do… Hopefully that is not the case as it gives people who don’t have knowledge of the legislation negative impressions.
    Hope this helps.
    J



  • Hi BDM and welcome to the forums 🙂
    As Jason shares, the SOX 404 standards (relating to financial IT controls) don’t specify anything like you’ve described. You can search here or the internet in general on SOX 404 and get numerous hits.
    In fact, if it’s a security related change, I see the opposite case for some things like the Microsoft Windows environment, where you’d want the latest and greatest security patches and code base installed immediately 😉
    I can see the customer’s point on not performing an immediate install – if the specific software is a financial application and all updates must go through a formal review, change management, and change control approach.

