Is anyone having to work under Sarbanes-Oxley (SOX) controls? - Webmaster General forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

Is anyone having to work under Sarbanes-Oxley (SOX) controls?

How does your website access work under Sarbanes-Oxley?

agentalpha

3:27 pm on Aug 31, 2007 (gmt 0)

10+ Year Member

My company has been under Sarbanes-Oxley (SOX) for over a year now and there has been some talk recently that as webmaster I should not have the ability to directly update the website. Their argument is that the website is just another production application so it should have to go through a formal change management process with no production access from a developer, which in this case is me as the webmaster. I don't believe this strict control over the website exists on other companies so I wanted to engage this group to see what experiences you might have with SOX. Any thoughts you had on the questions below or any other comments related to SOX would be greatly appreciated.

- Do any of you webmasters out there have to worry about SOX controls in any way?

- Do you still have full access to update the website or do you have to go through someone else (like a sys admin) in anyway?

- Does working out of Marketing or IT make any difference?

- Are there any formal change management policies in place?

Thanks!

jomaxx

3:55 pm on Aug 31, 2007 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

as webmaster I should not have the ability to directly update the website

the website is just another production application so it should have to go through a formal change management process

LOL, I used to work for one of these dinosaur companies. Not in the web area, though. I almost stopped working altogether once it got to the point that there were more people trying to STOP me from implementing fixes and upgrades than there were trying to help me.

Except where you're dealing with financial transactions, I think the best argument is that almost ALL websites have bugs and glitches and errors, or even go down for short periods, and it's no big deal. No surfer has the expectation that your site will be perfect.

agentalpha

4:28 pm on Sep 7, 2007 (gmt 0)

10+ Year Member

I used to work for one of these dinosaur companies

Yeah that's why I want to gather some info and change their minds!

andyll

6:57 am on Sep 8, 2007 (gmt 0)

10+ Year Member

Except where you're dealing with financial transactions, I think the best argument is that almost ALL websites have bugs and glitches and errors, or even go down for short periods, and it's no big deal. No surfer has the expectation that your site will be perfect.

Most large company websites tie into their internal domains for various purposes.

Offhand I can think of 5 different ways access from the outside world ends up on an internal server at our company.

The liability of our company is huge if someone was to gain unauthorized access to internal servers.

Outside of security and access ...

Any content that goes on the website has the same legal standing as any printed document that goes outside the company.

In some ways it is controlled more then the security side of it.

Any content that goes to the website (or directly to the clients) that relates to our product is reviewed by all directors... they are legally responsible under SOX for it.

Any other website content goes through our marketing department only.

Any company that falls under SOX will have the people legally responsible for the website wanting some controls in place.

Quite honestly... not even taking SOX into account, if your companies website is more then a 10 page brochure and is in any way integral to the companies business I don't understand why those controls are not in place already.

Andy