Agile under the purview of SOX

By | July 28, 2017

Hi,

InfoSec guy here. Looking for advice on staying agile while meeting ITGC controls.

AWS is the gold standard IMO:

AWS isn’t alone. Companies like Facebook & Etsy utilize similar processes that pass SOX ITGC audits.

I get the feeling most auditors are new to the concepts and push-back when narratives don’t match traditional P&P.

What works?