I did say that we do a good job with our IT security. We are a very large company and have the needed resources for that in the network and datacenter groups. But to this point, 'we' computer people get too focused on the systems and technology we work with. We do not sell any computer-like services. We make widgets. If we spent time on reinventing the report spooler in OS/400 we would not be doing our job, even if it was better than the one that came with the OS.

SOX is not a bad thing; it has forced us to polish our procedures. But even the authors of the bill have stated that they never intended it to become a burden on companies. We have a full-time employee in this datacenter just working on SOX. We did a full internal audit before the external guys set up camp for 6 months. Our project plans for 2005 were negatively impacted because of the audits, blackout periods, and SOX interruptions.

Like my doctor tells me, he spends 65% of his day on required paperwork and only 35% with patients. This drives his per-patient cost up and reduces the number of people he can help. Just like us, cost up and customers down. All due to the burden of overregulation for compliance.

The intent of SOX was good. The application of it by the big accounting firms has been dreadful.

Short aside: Today I got an email from HR saying all employees must click the link and read the company security policy. SOX mandated we do this once every year. I clicked the link and was presented with a popup sign-in box. I have no idea what the login is. NOW THAT's SECURITY

-- Doug Hart

-----Original Message-----
From: midrange-l-bounces+doughart=twcny.rr.com@xxxxxxxxxxxx [mailto:midrange-l-bounces+doughart=twcny.rr.com@xxxxxxxxxxxx] On Behalf Of qsrvbas@xxxxxxxxxxxx
Sent: Wednesday, April 05, 2006 6:41 PM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: RE: Sarbanes-Oxley / my opinion

midrange-l-request@xxxxxxxxxxxx wrote:

> 3. RE: Sarbanes-Oxley / my opinion (Doug Hart)
>
>SOX does not help our company build or sell product but has cost us big
>bucks. Tell that to the stock holders.

Out of curiosity, regardless of my employer (PowerTech), I have to ask -- How were stockholders answered when they asked how often company information assets were abused, stolen or altered without authorization and what the losses amounted to?

In a physical sense, would stockholders be pleased to know that no one locked doors and there were no alarms in the buildings to notify someone of an overnight break-in?

I would think that if such things were well handled before SOX, then there shouldn't have been a significant cost resulting from SOX.

I know this has sounded confrontational, but I really have little idea (as far as SOX goes for policy implementation). My view is obviously from a very different perspective. I figure that anything I can learn from another perspective gives me a better chance of doing my work better.

Tom Liotta