Step 1:
Scan all the Single Role for SOD violations with a GRC Tool.
Action:
If there is SOD Remediate ( Fix objects values or Remove
transaction code) or come up with a mitigation control with help of Function
Team.
Step 2:
Scan all the composite Roles for SOD violations
Action:
If there is SOD Remediate (remove roles or replace with
different role) or come up with a mitigation control with help of Function
Team.
Step 3:
If the policy is one composite role per user then transport all the compliance calibrator controls to production. Since all the Composite roles are mitigated or remediated all the users should be clean
Step 4:
If the roles are determined based on user. Then each user has to be analyzed by GRC tool when they are setup in the system. If they have SOD then mitigate the user in directly in the system.
Tip:
Template users like AP Manager, AR Manager, Fin Manager,
WM Manager, SD Clerk, WM Operator etc can be setup in Production system.
Then new user could be cloned from the template users. One
advantage is the template users can be scanned with GRC tools. The Mitigation
controls can be in place and the same mitigation controls can be applied
to new users.
Q2) In SOX, I need a secure channel for requests and replies. I would also like to authenticate who listens to broadcasts in addition to authentication of requestors of information. Are there any guide lines on how to apply SOX to a distributed messaging architecture?
You can achieve SSL security by running an instance of
the Rendezvous Secure Daemon or the Rendezvous Secure Routing Daemon.
Connect the
requesting and replying Rendezvous clients to its listen
port.
You can secure the RV bus by running the network on secure hardware.
