Most of the controls are about auditability and data access.
But the control frameworks are silly sometimes. Then add in that they’re enforced by 3rd party auditor consultants looking for any reason to drag it out.
And yeah, I tried to get this past them for a old singleton system to avoid having to buy a bigger non-standard server.
But the control frameworks are silly sometimes. Then add in that they’re enforced by 3rd party auditor consultants looking for any reason to drag it out.
And yeah, I tried to get this past them for a old singleton system to avoid having to buy a bigger non-standard server.