InfoSec guy here. Looking for advice on staying agile while meeting ITGC controls.
AWS is the gold standard IMO:
AWS isn’t alone. Companies like Facebook & Etsy utilize similar processes that pass SOX ITGC audits.
I get the feeling most auditors are new to the concepts and push-back when narratives don’t match traditional P&P.