by weard_beard
496 days ago
I specifically meant the parts of SOX related to access controls, infrastructure, and codebase management to ensure a baseline level of security for processing payments and PII to ensure this does not represent a risk to the valuation of the enterprise. These measures are universal to running any payment platform, not a public/private issue. *No, I'm not thinking of PCI, but that is also a valid measure here. There are recent updates to SOX in the past few years covering these aspects of payment operations. Some old-school SOX experts may not be familiar, and the strictness on these aspects of the audit varies by auditor in my experience. I recently helped a client navigate these, developing and responding to a very strict audit process covering their entire IT landscape including process flows, deployment planning and user/role management.