Importance of User access policy? SAS70 - SAS 70

SAS 70

Dec 7 2008   1:24PM GMT


Posted by: sas70expert
Access, Access control, CIO, CEO, SAS 70

Recently, I was on a plane flying home and started talking to a CIO about his SAS 70 audit. He seemed dismayed about a former trusted employee taking proprietary data from his company. He noted that they had a policy in place to remove the terminated employee from the company applications; however, this employee was able to walk away with the company’s list of customers.

 

Authorizing and removing access to company applications is a critical process that should be documented and followed by all employees, including executives. In our discussions, he noted that the CEO was a mover and shaker, but he did not always follow company procedures. This loss of data was a direct result of not following policy.

It is critical to a company and to the SAS 70 audit examination that employees and executives follow company policy for granting and removing access to company applications. Otherwise, why have a policy at all? You might as well give everyone administrative access.

A good policy should require IT to act only as the custodian of applications. IT should provide access only when it is authorized by business operations and initiated by human resources.
