Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
General
SOx Compliance
Lawson Admin Segregation of Duties
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Saef
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5226
People Online:
Visitors:
436
Members:
0
Total:
436
Online Now:
New Topics
User Group Announcements
Carolina User Group Meeting
12/20/2024 3:15 PM
Date & Time: February 6, 2025, 8:30am - 4:00pm
S3 Systems Administration
ADFS certificate - new cert
12/3/2024 9:38 PM
The certificates on the windows boxes expired and
Lawson S3 HR/Payroll/Benefits
Post Tax Benefit Plan Table
11/14/2024 9:16 PM
Hi, totally new to Laswon. I have a repor
Lawson S3 Procurement
ED501 Error: Map 850 not supported by /law/c15vda/lawson/test10/edi/bin/laws_out_91
11/12/2024 3:47 PM
Tried runnning ED501 and getting the atathced erro
Lawson S3 HR/Payroll/Benefits
Error
11/6/2024 9:54 PM
When I try to enroll a retiree in 72.1 health plan
Infor ERP (Syteline)
Syteline: New Data Maintenance Wizard (Error) Need help
11/1/2024 4:24 PM
Hi, I need help with an error on syteline while us
Dealing with Lawson / Infor
Implementing Lawson v10 with Cerner Surginet, Case Cart Picking, and Quick Adds for the OR
10/29/2024 4:20 PM
Hi Everyone, I am wondering if there is any org
Lawson S3 HR/Payroll/Benefits
Canada Tax Calculation (Federal and Provincial) Issue
10/23/2024 5:00 AM
Initially, we had problem with CPP2 calculation is
Lawson S3 HR/Payroll/Benefits
CA Section 125 401k Plan
10/22/2024 10:13 PM
Does anyone have any recommendations on how to fac
S3 Systems Administration
Running AC120 deleted records from ACMASTER table
10/22/2024 3:40 PM
We recently ran the AC120 as normal and somehow it
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3291
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1372
Roger French
1315
mark.cook
1244
Forums
Filtered Topics
Unanswered
Unresolved
Announcements
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
General
SOx Compliance
Lawson Admin Segregation of Duties
Please
login
to post a reply.
3 Replies
0
Subscribed to this topic
2 Subscribed to this forum
Sort:
Oldest First
Most Recent First
Author
Messages
Leonard Courchaine
Veteran Member
Posts: 55
6/3/2014 5:28 PM
We're being pressured by auditors about breaking up into two the Lawson Admin who puts something (mod/CTP/Env Patch) into our Test environment and the Admin who puts it into Production.
Our practice has been:
1. Dick puts quarterly patches into test; Harry puts environment patches into test.
(user testing occurs)
2. Dick then puts quarterly patches into prod; Harry puts environment patches into prod.
(All Lawson Admins have keys to test and prod e.g. the lawson password.)
Auditors would like it if PersonA puts something into test and PersonB then puts it into production with Person A not having the ability to access production. Same with new custom mods that we put in.
We'd **LOVE** to know how others are dealing with this type of auditor request around segregation/separation of duties with limited resources.
Thanks so much,
Lenny
Kwane McNeal
Veteran Member
Posts: 479
6/4/2014 2:43 PM
Lenny,
If you have one or two, and no more than two admins, typically I have seen clients do some variation to the following:
1) Document an audit exception, because the point of having two admins is one is a backup to the other. If you segregate one from PROD completely, you lose some of the benefit to fall back.
2) Setup a system to audit access to both the 'root'/'administrator' and 'lawson' accounts, by using 'su' (for UNIX), or some type of OTP (for Windows). Direct 'root'/'administrator' and 'lawson' access is forbidden, and the logs are sent to some other server the admins don't have access to.
Kwane
Tim Cochrane
Veteran Member
Posts: 154
6/6/2014 1:55 PM
Agreeing with Kwane - we've got a team of 5-7 System Admins: 5 on-site; 2 off-shore. ALL are expected to be able to handle ALL environments...otherwise they are worthless They typically work in pairs; one to make the changes and the other to validate.
We're a large health care organization, so we've have to follow the same SOX requirements that you do. I don't know if our LSAs have to report anything to IA...never heard of them doing that...but our IA is comfortable with the process. Our Lawson Security group DOES have to make periodic reports to IA, so that might include any LSA activitiy, but i think the Security report is more around role/classes/user changes in LS.
Kwane's worked with us before, he's seen how our system works.
Leonard Courchaine
Veteran Member
Posts: 55
6/10/2014 1:33 PM
Guys,
Thanks ***very*** much for your input. I'll pass it along. Seems very reasonable.
Lenny
Please
login
to post a reply.