System software patching 842
-
What has been your experience in testing the controls for system software patching?
Are you finding any of the following?- evaluation of patch to be applied
- patches installed in test environment
- test plan document
- testing conducted
- test results recorded
- chg mgt procedures being followed
- mgt approval to apply to production
- other
I’d be interested in hearing your experiences and what you are finding.
-
My experience is that IT staff tend to do whatever they want. Therefore, it is important that management advertise support for ‘the new S-OX controls’ ina software shop. And, hold staff accountable when they don’t follow the ‘new’ rules.