[Gllug] Audit Season...

Daniel P. Berrange dan at berrange.com
Sat Jun 27 08:16:20 UTC 2009 

On Sat, Jun 27, 2009 at 12:20:50AM +0100, Jose Luis Martinez wrote:
> On Fri, Jun 26, 2009 at 11:51 PM, Nix<nix at esperi.org.uk> wrote:
> > On 24 Jun 2009, Andy Millar uttered the following:
> >
> >>> On Tue, 23 Jun 2009 19:24:18 +0100
> >>> Simon Morris <mozrat at gmail.com> wrote:
> >>> > I've been asked to run the following commands on our Linux/Unix
> >>> > systems by an internal auditor.
> >>
> >> They are auditors.
> >>
> >> You do what they say, exactly what they say, nothing more, nothing less.
> >
> > Actually I've told auditors they were full of shit in the past, and got
> > away with it too.
> >
> >
> > It can be done.
> 
> I would be extremely careful with dishing such advice. Seriously, SOX
> and other national and international regulations could mean you are
> actually breaking the law if you are obtrusive to certain types of
> auditors, and certainly your boss may have to do lots of explaining if
> one of his charges is being unhelpful.

AFAIK, SOX does not proscribe particular technical solutions. So there 
is huge scope for interpretation of the SOX requirements by the auditors.
Ask 10 auditors what's SOX compliant and you'll get 10 different answers.
The question is whether your particular auditor is fixated on a single
particular solution they've decided upon, or whether they are prepared to
enter discussion about alternative solutions meeting the same end goal.

Daniel
-- 
|: http://berrange.com/     -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://freshmeat.net/~danielpb/    -o-   http://gtk-vnc.sourceforge.net :|
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20090627/e0adfcc5/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list