407
Appendix:
Understanding the Sarbanes-Oxley Act
e) Each server will have a log book that will be used to document any reported
problems or adverse
f) event observations made during visits to the server room by any IT staff
member or system administrator. The log books are used to document er-
rors that are discovered outside routine monthly maintenance, and for any
configuration changes to each server or its key applications.
g) The server log books will be reviewed annually by IT management.
7)
ATTACHMENT
a) Attachment IT-FR-003: "Generic Network Server Maintenance Electronic
Log Form"
System Account Management
GENERIC COMPANY, INC.
IT Documentation
TITLE: SYSTEM ACCOUNT MANAGEMENT
Document #:
IT-005 V4
Effective Date:
12/1/09
Issued by:
IT Department
Page Number:
1 of 5
1)
PURPOSE
a) To define Generic's procedures regarding user account management for the
Generic network.
2)
SCOPE
a) This procedure applies to the Generic computer system and administrative
and user accounts for use on that system.
3)
RESPONSIBILITIES
a) Generic's IT department is responsible for preparation of this SOP.
b) Generic's IT department is responsible for administering the accounts for
the Generic computer system (i.e., system administrator).
c) Generic's IT management is responsible for approving this procedure.
d) The relevant department manager is responsible for approval of access
and denial of access privileges, as indicated on the Employee Information
Profile form and the Employee Departure form.
e) The Controller or CFO is responsible for annually reviewing user access
within the accounting system.