It’s Audit Time so Panic and Freak Out

OK, you know it’s coming. You’ve known it’s been coming for a while now. You’ve done

little preparation though. You’ve been too busy keeping the lights on and sneaking in the

occasional new feature. It’s audit time!

It’s a strange feeling, the collective shiver that goes through the IT department at audit

time. For the execs and managers fear and stress permeate. Did we resolve everything

from last time? What else could have popped up? What KPIs do I have to hit for my

bonus?

For staff it’s more likely annoyance and resignation. Great, another 4 weeks of trawling

through configs, piecing together CSV files, making up reports and working on their ninja

exits when a prowling auditor enters.

It doesn’t have to be like this though, especially when it comes to your system

configurations. If you capture your audit requirements in the form of executable tests

then audit time becomes a breeze. We’re already doing this, you say? That’s cool,

maybe you’re scripting them up. Let me ask you this though:

Are the audit requirements captured in a format that everyone can read?

Can you execute them remotely and get compliance status back in real time for all

your servers?

Can you execute them on a schedule to prevent drift from a compliance state year

round?

Do they spit out reports you can hand to auditors before they’ve even asked for

them?

If your answer to any of these questions is “No” then you should consider implementing

a truly automated system configuration testing solution like ScriptRock.

Happy audits,

Alan.