Audit Serve, Inc.

 

Technical Articles
Conferences
Audit Programs
Audit Serve Seminars
Consulting Services
Audit Vision Email Newsletter Free!
What's New
Contact Us

 

The Worldwide Connection for Audit, Security, Control and SOX Professionals

The Control Impact of Data Center Consolidations
By: Mitchell H. Levine, CISA
Audit Serve, Inc.

                                                              

Low Cost & Highly Skilled 
IT Audit and SOX Consulting Resources Available Immediately
Call Mitch Levine at (203) 972-3567 or 
email levinemh@auditserve.com for additional information

With companies under pressure to reduce costs, IS departments have been the target of many budget cuts. One of the most common cost reduction techniques is the consolidation of data centers.

During good times, most large development groups enjoyed a close relationship with their data center. Because of their familiarity with the applications, the data center was expected to react and correct many application problems. The close relationship allowed for informal processes to be used in major application and data center supported functions.

However, we have recently entered the era of regional processing centers, where a user is considered and ID and an application is just a name. All previous expectations of the data center should not be interpreted as "THE CONTRACT WITH THE DATA CENTER" . If a new job is established, either an automated restart/recovery process must be established or a restart/recovery procedure must be written in a "cookbook" format. Otherwise the operator will not know how and where to restart the job. Also, if data set naming conventions are not adhered to, security administration will not be able to identify when one application infringes on other applications naming conventions. These are examples of development expectations which cannot be fulfilled by a regional processing center.

In this new order of regional processing centers, certain control functions which were previously performed by the data center are now performed at the department level. With such new department level control functions, the auditor must now include these departments when they perform data center reviews Some control functions which should be established within individual departments include:

  • cross department monitoring of naming conventions
  • job processing post review
  • establishment of department level security policy
  • security database design
  • monitoring security violations
  • emergency ID activation, follow-up, and review
  • decentralized security administration and reconcilement of access granted
  • change management configuration

For a free proposal to perform an audit of your organization or provide SOX support & testing services, contact Mitchell Levine of Audit Serve at (203) 972-3567 or via e-mail at Levinemh@auditserve.com.

Copyright  2006, Audit Serve, Inc. All rights reserved. Reproduction, which includes links from other Web sites, is prohibited except by permission in writing.

This article appeared in a past issue of the Audit Vision E-Mail Newsletter.

 
 
 

Technical Articles | Conferences | Audit Programs | Audit Serve Seminars | Consulting Services | Audit Vision Newsletter | What's New | Contact US

This website has been optimized for Netscape and Internet Explorer 4.0 and above.  Your comments and suggestions are always welcome, please email webmaster@auditserve.com.
Copyright © 2000  All rights reserved.  27 Pine Street, Suite 700, New Canaan, CT 06840 USA.