Please ensure Javascript is enabled for purposes of website accessibility

Agile under the purview of SOX

Hi,

InfoSec guy here. Looking for advice on staying agile while meeting ITGC controls.

AWS is the gold standard IMO:

AWS isn’t alone. Companies like Facebook & Etsy utilize similar processes that pass SOX ITGC audits.

I get the feeling most auditors are new to the concepts and push-back when narratives don’t match traditional P&P.

What works?