customer examples

8/18/2019 Customer Examples

1/13

drive

BMC Sarbanes-OxleyControl Automation:

Customer CaseStudies

December 7, 200


2/13

Sarbanes Audit Overvie!


3/13

"ar#e $etail %ranc&ise: Asset 'C&an#e Mana#ement

(ssue› Single system of record (Finance, IT, HR, Stores – 2500+)

5,000 !oc"et !#s, $,000 %or"stations, ser&er''

ccommodate y*ergrotac-.isitions (/e #ain in 200 – 200+ stores)

› 1aimi3e .*time Red.ce im*act of &ir.ses, tecno *o4ic .sers, eld s.**ort, lo lin" 4andidt

› 6icense #om*liance (*.rcased &s de*loyed) Identify 7 eliminate .na.tori3ed installations› Sec.rity

Red.ce n.m4er of .na.tori3ed canges (clean .*roll4ac")

Restrict o can target at to om d.ring 8 times

#om*reensi&e In&entory

› Re*orting (Sced.le, 9mail, cc.racyIntegrity) Identify, eliminate, red.ce ris"s

BMC Solutions

› 1arim4a :es"to*, Ser&er, :e&ice and !atc 1anagement


4/13

Sarbanes Oxley )alue

Only Aut&ori*ed So+t!are› 1arim4a #ong.ration :isco&ery – ,000 (**lications)› #ategori3e (:angero.s, ;nanted, lloed, .tori3ed)

:angero.s softare immediately .ninstalled .*on detection

› Ins.re nti system Re*ort re*eat o?enders&iolators

Scanner 9tension a.tomatically sends email en reg scanneridenties &ir.s 4y denition le@

› 6icense com*lianceAsset Mana#ement

› System of record› 6icense Trac"ing (#ong :isco&ery for real time a.dits)› 9asily etensi4le Re*orting


5/13

"ar#e %inancial (nstitution: Asset' C&an#e Mana#ement

(ssue› Single system of record (Finance, IT, HR)› 1aimi3e .*time (A0,000 or"stations, $0,000 ser&ers, 5,000 T1s)

Red.ce time in -.e.e for don systems

Increase *roacti&e ser&ice management (!atc, Softare :istri4.tion)

Red.ce im*act to reso.rces (Tellers, Bro"ers, 6oan oCcers, Systems)

Tra&erse sec.re netor" en&ironment – 6o 6in"s (200)› 6icense #om*liance (*.rcased &s de*loyed)› Sec.rity

Red.ce n.m4er of .na.tori3ed canges (clean .*roll4ac")

Restrict o can target at to om d.ring 8 times

› Re*orting (Sced.le, 9mail, cc.racyIntegrity)

BMC Solutions

› Remedy Hel*:es" 7 #ange 1anagement› R Ser&er Re*ository%or"Do› 1arim4a :es"to*, Ser&er and !atc 1anagement


6/13

(nventory )alue stablis&in# a system o+record

So+t!are Delivery› Target s.4sets of yo.r en&ironment (collections)› Re*ort s.ccess rate of deli&eries

Asset Mana#ement› #om*reensi&e so.rce of information› 9asily etensi4le

"icense Com.liance› Softare deli&ery standard softare com*liance

standard

› Target s.4sets for a**lication remo&al


7/13

Arc&itectural Overvie!


8/13

Arc&itectural Overvie!-Data Collection


9/13

$e.ortin# /rocess Controlled $e.orts


10/13

$e.ortin# /rocess Controlled Access


11/13

$e.ortin# /rocess Controlled ' O.en Access


12/13

(nventory Best /ractices ' /it+alls-Sc&edulin# (nventory Scans

Pacific Inventory Scans

12:00 AM Servers

1:00 AM Servers ATMs

2:00 AM Branch Workstations Servers ATMs

3:00 AM Branch Workstations ATMs

4:00 AM Branch Workstations ATMs

5:00 AM Branch Workstations

6:00 AM

7:00 AM Corp Workstations

8:00 AM Corp Workstations:00 AM Corp Workstations

10:00 AM Corp Workstations

11:00 AM

12:00 !M

1:00 !M Corp Workstations




5:00 !M

6:00 !M

7:00 !M

8:00 !M Maintenance

:00 !M

10:00 !M

11:00 !M Servers


13/13

Assessing the Readiness of IT:

$@ :oes te SE8 #ommittee .nderstand te ris"s in IT systems it com*liance to 0

2@ :oes IT .nderstand te nancial re*orting *rocess and its s.**orting systems

@ :oes #IE .nderstand ty*es of IT controls needed to s.**ort nancial *rocessing

@ re *olicies go&erning sec.rity, a&aila4ility and *rocessing integrity esta4lised,doc.mented and comm.nicated to all mem4ers of te IT organi3ation

5@ re ITGs roles and res*onsi4ilities related to Section 0 .nderstood 4y 66 sta?

@ :o mem4ers IT .nderstand teir roles, do tey *ossess s"ills to *erform o4 res*onsi4ilities relating to internal control, and

are tey s.**orted it a**ro*riate s"ill de&elo*ment

A@ Is yo.r assessment *rocess integrated com*anyGs ris" assessment *rocess fornancial re*orting

J@ :oes IT doc.ment, e&al.ate and remediate IT controls related to nancial re*ortingann.ally

customer examples

Documents