Update ITGC.md

Signed-off-by: Dennis Eichhorn <spl1nes.com@googlemail.com>
Dennis Eichhorn 2024-03-20 13:26:52 +01:00 committed by GitHub
parent 79f39f8eb5
commit 4ac708d1cd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -22,9 +22,9 @@
| Overview | Component | Situation | Evidences |
| -------------------- | --------- | ------------------------------------------------------------ | ---------------------------------- |
| Frequency of changes | A | Often changes are required for various reasons (e.g. functionality enhancement changes in business processes, etc.) | CHANGELOG<br />Software validation |
| Frequency of changes | OS, DB | Changes are made for each release of security patches/upgrades | Software validation |
| Frequency of changes | N, O | Changes are made for each release of patches/upgrades | Software validation |
| Frequency of changes | A | Often changes are required for various reasons (e.g. functionality enhancement changes in business processes, etc.) | CHANGELOG<br />[Third Party Software Validation - New](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md)<br />[Third Party Software Validation - Update](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20Update.md) |
| Frequency of changes | OS, DB | Changes are made for each release of security patches/upgrades | [Third Party Software Validation - New](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md)<br />[Third Party Software Validation - Update](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20Update.md) |
| Frequency of changes | N, O | Changes are made for each release of patches/upgrades | [Third Party Software Validation - New](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md)<br />[Third Party Software Validation - Update](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20Update.md) |
### Assessment of Design Effectiveness
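Review bot: The new Evidences cells for the "OS, DB" and "N, O" rows cite both "Third Party Software Validation - New" and "Third Party Software Validation - Update", but the Situation column in those rows only describes releases of patches/upgrades. Either cite only the Update process there, or extend the Situation text to cover new installations so the evidence matches the stated control. All six added links also point at `blob/master`, so the document an auditor follows can change after the assessment is signed off; a commit-pinned permalink would keep the referenced text stable. The same two URLs are repeated verbatim in three rows, so reference-style link definitions would keep the table source readable.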
@ -32,7 +32,7 @@
| ---- | ------------------------------------------------------------ | --------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
| 1 | How are policies and procedures for development and maintenance prepared? | A, OS, DB, N, O | Policies and procedures for development and maintenance are described in a formal way. Documentations are prepared by the IT team and authorized by the head of IT | Process: [Development](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/01_Development.md)<br />Process: [Support & Service](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/04_Support%20%26%20Service.md)<br />Policies: [IT](https://github.com/Karaka-Management/Organization-Guide/tree/master/Policies%20%26%20Guidelines/IT) |
| 2 | How are roles and responsibilities concerning development and maintenance defined? | A, OS, DB, N, O | Roles and responsibilities concerning development and maintenance are clearly defined in the IT process and policies. IT personnel incl. service vendors perform changes | Process: [Development](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/01_Development.md)<br />Process: [Support & Service](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/04_Support%20%26%20Service.md)<br />[Organigram](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/01_Development.md) |
| 3 | How are changes tested and their results approved? | A, OS, DB, N, O | Before updates for third party software are performed on the servers they are tested in a testing environment. Self-developed software changes are tested according the development process. | [Third party: Software validation](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md)<br />Process: [Development](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/01_Development.md)<br />Internal: Test protocols |
| 3 | How are changes tested and their results approved? | A, OS, DB, N, O | Before new third party software is installed or updates for third party software are performed on the servers they are tested in a testing environment. Self-developed software changes are tested according the development process. | [Third Party Software Validation - New](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md)<br />[Third Party Software Validation - Update](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20Update.md)<br />Process: [Development](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/01_Development.md)<br />Internal: Test protocols |
| 4 | How are changes approved for their migration to the production environment? | A, OS, DB, N, O | The change in the production environment is approved by the head of IT for third party software and for self-developed changes according the development process. | [Third party: Software validation](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Third%20Party%20Software%20Validation%20-%20New.md)<br />Process: [Development](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/01_Development.md)<br />Internal: Merge protocol |
| 5 | What procedures are in place for preventing/detecting unauthorized changes to the production environment? | A, OS, DB, N, O | Only the head of IT can install updates on the servers. Only the head of IT has the necessary IT authentication and IT permission. For self-developed changes all changes, merges can only be performed from authorized personnel and all merges are logged in merging protocols. | [Permission List](https://github.com/Karaka-Management/Organization-Guide/blob/master/Processes/IT/Permission%20List.md) |
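Review bot: Row 4 (approval for migration to production) still carries the old "[Third party: Software validation]" label and links only to the "New" document, while row 3 now cites both "Third Party Software Validation - New" and "Third Party Software Validation - Update"; row 4 should get the same pair so that approval of updates is backed by evidence too. In the new row 3 text, "tested according the development process" should read "according to the development process" (row 4 has the same wording). Separately, the "Organigram" link in row 2 targets Processes/01_Development.md, the same URL as the Development process link above it, which looks like a wrong target and is worth correcting while this table is being touched.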