This article provides an overview of SOX 404 control Manage Operations.
The typical SOX 404 IT controls for Manage Operations are outlined below.
Description: Systems are adequately maintained through standard procedures and processes, vendor management, monitoring, vulnerability management and facilities management.
Control Objective: A documented process exists and is enforced to perform approved operational procedures, manage outsourced IT services, monitor IT infrastructure and manage environments and facilities.
- The process describes the patching strategy.
- There is a documented process for applying patches.
- The process defines when patching will occur.
- The process demonstrates that patches are reviewed before implementation.
For more information please contact Morland-Austin at firstname.lastname@example.org.