I would like to hear how other shops deal with auditors regarding data updates made by IT staff.
We use DFU/FILMNT/SQL for occasional data fixes. We print and file a log with who and why the change was made. Then to appease the auditors, we journal pretty much everything. A report is generated twice a day that shows any of these update methods and the object updated. The idea being - the auditor pulls a report out of a pile and should be aable to find the documentation for that update in our paper files.
This is a big waste of system resources in my opinion. Recently we have started using an offsite vaulting scheme for all of our backups - we would like to get off the journalling merry-go-round for good.
So I'm hoping some of you will share with me how this works in your shop.