IT sites SOX as reason we can not diag. Dropped packet problem in setting up IP Phone system.

15 pts.
Tags:
Access Rights
Packet analyzers
Router and switch management
SOX
SOX compliance
Vendor management
Vendor partner business issues
We have wasted 20 hours proving to another IT company that the issues are in their firewall.  They will not let us even see what they are doing...quoting SOX as the reason.  We have finally told the customer that unless we can not see their configuration, they will need to purchase another internet connection and router for us to complete what we are contracted to do.  
Is SOX really the issue here?  If so, what do you suggest.  There has to be a way to do this.  We are insured and bonded for what we do.  Isn't there something we can sign?  Logic dicates that there has to be some way to do your job?
Please help me anywone?
Sincerely,  Frustrated and not making money.

Answer Wiki

Thanks. We'll let you know when a new response is added.

SOX has nothing to do with prevending you from getting the information that you need. However if they refuse to give you the information needed to complete your job you are pretty much screwed. Unless you can convince them to give you the info you’ll have to have the client purchase another network link and router.

Discuss This Question: 7  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TNTGRP
    Thank you for your input. It helps just to hear it. In 20 years I have always been able to "play nice in the sandbox", while keeping the customer in the dark as to any issues during my installations. However, by now my reputation with my customer has taken a beating. Do you know of documentation that I can produce that would substantiate this. I got on the SOX website but the information is overwhelming. Thanks again, Erick
    15 pointsBadges:
    report
  • Denny Cherry
    The SOX website and the text of the law itself are the authority. It all depends on how they and their auditor interpret the law.
    66,010 pointsBadges:
    report
  • TomLiotta
    The overall situation is unclear. Without knowing what services are provided by "another IT company" in this case, there's no way to know if it falls within SOX nor any other sets of regulations. We also don't know anything about the client and what regulations they might be under nor about other clients that might be served through whatever "another IT company" is doing with the same devices or functions. If it's a firewall, it seems a little unclear how seeing anything about the firewall's configuration could make a difference to you. You should only need to request that certain ports and/or protocols are made available for you. You shouldn't need to "see" anything about how the device operates. Make the request through some medium such as e-mail that provides copies to the client. The client should ensure that necessary facilities are available. It should be up to the client for that element. Now, as to "another IT company" playing nice, yeah, that can get messy. I've worked through circumstances somewhat similar sounding, and it can get touchy. Be diplomatic with the client, and work at getting them to drive the resolution. This may require going one or more steps above anyone with whom you normally work, and in rare cases, even a step below. Having the right liaison sometimes makes the difference. Tom
    125,585 pointsBadges:
    report
  • Bobkberg
    Without getting into any of the legal implications, I would suggest using NMAP to "scan" from an IP imitating an IP phone using the appropriate port numbers to the destination IP of the phone system. Unless the firewall is a proxy or application firewall (which might complicate matters), there are Nmap scripts which can be used for testing SIP status. At that point, it becomes an issue of "run this test SIP simulation" without using any real phone data. Either the test packets arrive or they don't. The other question that crosses my mind (reading others' comments about playing dirty or nice) is: Does this other IT outfit stand to gain any business by making you look bad? I would take this issue up with the end customer directly - especially if the other IT outfit refuses to run the Nmap tests. Bob
    1,070 pointsBadges:
    report
  • Bobkberg
    One old quote "Patriotism is the last refuge of the scoundrel" might also be appropriately paraphrased in this case as "Secrecy is the last refuge of the incompetent". Bob
    1,070 pointsBadges:
    report
  • TomLiotta
    “Secrecy is the last refuge of the incompetent” As much as I personally agree, it's hard to take that stand when my credit card info is visible. In the context of privacy regulations, secrecy is a fundamental measure of success. So, for example, I might divulge that a particular encryption algorithm was being used; but the working "configuration" (e.g., the decryption 'key') would remain secret. Tom
    125,585 pointsBadges:
    report
  • carlosdl
    I don't think you should be allowed to see their configuration. In any case, you might need to ask specific questions about their configuration and share some details about yours. If they say the problem is not in their firewall, they should at least allow the necessary tests to prove their point. As suggested by Tom, make sure your client gets copies of any request you make to the other company. OTOH, there are some networking experts here. Maybe someone can suggest specific tests or any other kind of help if you share some technical details about the problem.
    68,650 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following