Anyone know anything about SOX compliance with regard to the requesting and distribution of passwords within a financial organization?
EG should a change request ticket documenting the problem specify the server and userid password being requested?
Should passwords be distributed encrypted or via two emails so the server name and password and separate etc?
Any links or hints gratefully received....I appreciate this probably isn't the best forum but maybe someone knows?
EG should a change request ticket documenting the problem specify the server and userid password being requested?
Should passwords be distributed encrypted or via two emails so the server name and password and separate etc?
Any links or hints gratefully received....I appreciate this probably isn't the best forum but maybe someone knows?
Comment