Is Your SDLC Too Bloated for SOX?
The Sarbanes-Oxley Act of 2002 has driven many companies to
strive for best practices in the Software Development Life Cycle.
The problem is that most companies are not truly software
developers. These companies fail when they try to implement an
SDLC process designed for IBM or Microsoft.
We worked with one company where the SDLC process document had
grown to 92 pages. We took the Control Objectives for Information
and related Technology (COBIT) guidelines and shrank this to
10 pages covering the areas of:
- Initiating Requests
- Ad-hoc Requests
- Analysis
- Acquisition of Third-Party Software
- Design
- Development
- Testing
- Implementation
- Project Management
- Maintenance
To assure compliance, we cited the COBIT guidelines directly. Remember, the key to compliance is having appropriate,
verifiable procedures. Does your SDLC fit comfortably into SOX?