With companies under pressure to reduce costs, IS departments have been the target of many budget cuts. One of the most common cost reduction techniques is the consolidation of data centers.
During good times, most large development groups enjoyed a close relationship with their data center. Because of their familiarity with the applications, the data center was expected to react and correct many application problems. The close relationship allowed for informal processes to be used in major application and data center supported functions.
However, we have recently entered the era of regional processing centers, where a user is considered and ID and an application is just a name. All previous expectations of the data center should not be interpreted as "THE CONTRACT WITH THE DATA CENTER" . If a new job is established, either an automated restart/recovery process must be established or a restart/recovery procedure must be written in a "cookbook" format. Otherwise the operator will not know how and where to restart the job. Also, if data set naming conventions are not adhered to, security administration will not be able to identify when one application infringes on other applications naming conventions. These are examples of development expectations which cannot be fulfilled by a regional processing center.
In this new order of regional processing centers, certain control functions which were previously performed by the data center are now performed at the department level. With such new department level control functions, the auditor must now include these departments when they perform data center reviews Some control functions which should be established within individual departments include:
cross department monitoring of naming conventions
job processing post review
establishment of department level security policy
security database design
monitoring security violations
emergency ID activation, follow-up, and review
decentralized security administration and reconcilement of access granted
change management configuration
For a free proposal to perform an audit of your organization or provide SOX support & testing services, contact Mitchell Levine of Audit Serve at (203) 972-3567 or via e-mail at Levinemh@auditserve.com.
Free Audit Vision Newsletter Since 1991 Join 3,500 other subscribers
Advertise with Us