IT System Request Tracker: SOX Compliance
The client is the leading global supplier of rolling bearings and seals. Along with a varied range of products, it also offers extensive solutions and services in this area.
The client wanted to implement SOX compliance in its IT department processes, but its existing system offered no support for the SOX standards. A new system was therefore needed to track all IT project activities in accordance with those standards.
The SOX compliance requirements for IT are generally based on the Control Objectives for Information and related Technology (COBIT). Below is a partial list of COBIT-derived objectives that pertain to change management.
- Software changes must be controlled in accordance with the organization’s change management procedures.
- Procedures should be in place to control the handover of software from development to test to production environments.
- Development personnel are prohibited from migrating applications and data from the test environment to production.
- A similar software management process should be observed whether developing a new application or modifying an existing application.
- Procedures should be in place to ensure that all requests for change are assessed in a structured way for all possible impacts on the system.
- The release of software should be governed by formal procedures that ensure sign-offs or approvals.
- Changes must be tested by a group independent of the developers prior to installation into the production environment.
- Internal control measures should ensure distribution of the correct software element to the right place, with integrity and adequate audit trails.
- The software management framework should require that a test plan be created for every development, implementation and modification project.
Because the system is used for IT audit under the SOX compliance requirements, the solution was structured around the phases of the SDLC. The system serves as the workflow engine, document repository and auditing tool for all IT systems within the company.
The solution automates the five SDLC phases listed below, in accordance with the SOX compliance requirements:

| S.N. | Phase Title | Phase Description |
| --- | --- | --- |
| 1 | Initiation | In this step the request is registered and, depending on the decision of the higher authority, the project is either kept on hold, moved to the next phase or rejected. |
| 2 | Pre-Study | In this step the project request is studied under the company's pre-study guidelines, and accordingly the project is either kept on hold, rejected, or moved to the Definition phase or the Realization phase (depending on the type of change request). |
| 3 | Definition | A risk assessment is performed on significant changes and always on new applications. Test plans are created and the system implementation is planned. |
| 4 | Realization | Based on the approved system definition, the User Acceptance Test plans are created, the business process description is created or updated, and the new system is tested in a real-time environment and approved for implementation. |
| 5 | Implementation | This is the final phase, in which the system is implemented. |
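The phase table above, together with the change-management objectives listed earlier, amounts to a small state machine whose transitions carry control checks. The following is an added example and not code from the client's system: it shows how a request tracker can enforce the permitted phase transitions, the prohibition on development personnel migrating to production, the independent-test and sign-off requirements, and an audit trail of every transition. The role names (`approver`, `developer`, `tester`), the rule that only fast-track requests may skip Definition, and the hold/resume behaviour are assumptions not stated on the page.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Phase(Enum):
    INITIATION = "Initiation"
    PRE_STUDY = "Pre-Study"
    DEFINITION = "Definition"
    REALIZATION = "Realization"
    IMPLEMENTATION = "Implementation"
    ON_HOLD = "On Hold"
    REJECTED = "Rejected"


# Permitted outgoing edges per phase, taken from the phase table. Pre-Study may
# route straight to Realization for some change request types; which types do so
# is not stated on the page, so "fast track" is assumed below.
TRANSITIONS = {
    Phase.INITIATION: {Phase.PRE_STUDY, Phase.ON_HOLD, Phase.REJECTED},
    Phase.PRE_STUDY: {Phase.DEFINITION, Phase.REALIZATION, Phase.ON_HOLD, Phase.REJECTED},
    Phase.DEFINITION: {Phase.REALIZATION},
    Phase.REALIZATION: {Phase.IMPLEMENTATION},
}


class ControlViolation(Exception):
    """A transition would break one of the change-management controls."""


@dataclass(frozen=True)
class User:
    name: str
    role: str  # hypothetical role names: "approver", "developer", "tester"


@dataclass
class ChangeRequest:
    title: str
    kind: str                                      # "major", "minor" or "fast track"
    phase: Phase = Phase.INITIATION
    developers: set = field(default_factory=set)   # names of people who changed code
    test_plan: bool = False                        # produced during Definition
    tested_by: set = field(default_factory=set)    # names that signed off testing
    approvals: set = field(default_factory=set)    # names that approved the release
    audit_log: list = field(default_factory=list)  # (actor, role, from, to, note)
    held_from: Optional[Phase] = None              # phase a held request resumes to

    def move(self, actor: User, target: Phase, note: str = "") -> Phase:
        current = self.phase
        if current is Phase.ON_HOLD:
            # A held request may only resume to the phase it was held from (assumption).
            if target is not self.held_from:
                raise ControlViolation(f"held request can only resume to {self.held_from.value}")
        elif target not in TRANSITIONS.get(current, set()):
            raise ControlViolation(f"{current.value} -> {target.value} is not a permitted transition")

        # Hold/reject decisions and leaving Initiation are "higher authority" decisions.
        if (target in (Phase.ON_HOLD, Phase.REJECTED) or current is Phase.INITIATION) \
                and actor.role != "approver":
            raise ControlViolation(f"{actor.name} ({actor.role}) may not decide hold/reject/start")
        if current is Phase.PRE_STUDY and target is Phase.REALIZATION and self.kind != "fast track":
            raise ControlViolation("only fast-track requests may skip the Definition phase")
        if current is Phase.DEFINITION and not self.test_plan:
            raise ControlViolation("a test plan must exist before leaving Definition")
        if target is Phase.IMPLEMENTATION:
            # Migration to production: never by developers, only after a test sign-off
            # from someone outside the developer group, and only with approval on record.
            if actor.role == "developer" or actor.name in self.developers:
                raise ControlViolation("development personnel may not migrate to production")
            if not (self.tested_by - self.developers):
                raise ControlViolation("no test sign-off from a group independent of the developers")
            if not self.approvals:
                raise ControlViolation("release requires a formal approval sign-off")

        self.held_from = current if target is Phase.ON_HOLD else None
        self.audit_log.append((actor.name, actor.role, current.value, target.value, note))
        self.phase = target
        return target


def demo() -> ChangeRequest:
    """Walk a constructed major change request through all five phases."""
    approver, dev = User("alice", "approver"), User("bob", "developer")
    cr = ChangeRequest("Upgrade catalogue service", "major", developers={"bob"})
    cr.move(approver, Phase.PRE_STUDY, "registered and accepted for pre-study")
    cr.move(approver, Phase.DEFINITION, "risk assessment required for a major change")
    cr.test_plan = True                       # test plan produced in Definition
    cr.move(dev, Phase.REALIZATION, "definition approved")
    cr.tested_by.add("tina")                  # independent UAT sign-off
    cr.approvals.add("alice")                 # formal release approval
    cr.move(approver, Phase.IMPLEMENTATION, "released to production")
    return cr


if __name__ == "__main__":
    for entry in demo().audit_log:
        print(entry)
```

The audit log is append-only from the tracker's point of view, which is what gives an auditor the trail the objectives call for; in a real deployment it would be persisted to storage the request's own users cannot edit.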
- The system saves time and effort and provides an accurate, automated system that improves the existing project tracking and development processes.
- Tracks all IT project activities.
- Supports effort and cost estimation.
- Manages system change requests.
- Automates approvals and notifications.
- Supports all kinds of change requests (major, minor and fast-track).