30 Days of Compliance Q&As #21: How Much Access Should I Give My Auditors?

The auditor’s perception of your readiness – or lack thereof – can heavily influence whether you pass or fail your audit. Prior to the onsite visit, request a list of exactly what information and reports the auditor needs, as well as who they want to speak to. This will allow you to present yourself and your company as efficient and organized.

So once you’ve lined up your people and identified the systems, how much access should you give to your auditor once they’re on site? If you give too little access, they get suspicious … if you give too much, they start snooping into things beyond the scope of the audit. You need to walk a fine line by providing just enough access to satisfy the requirement. This is probably a case where you don’t want to overdo it.

If you have implemented a SIEM/Log Management solution, your audit should be pretty easy. A mature solution should have a suite of compliance reports, the ability to group assets subject to compliance regulations and full role-based access control.

Below is AccelOps’ role management screen. You simply need to create a user account for the auditor and add it to the auditor group. You can fine-tune what the auditor group can see, edit or execute.

Tips for a successful audit:

1. Identify what reports, dashboards and assets you would like the auditor to have access to.
2. Create a user account for the auditor in your SIEM/log management solution and place it in the auditor group with appropriate permissions to access the aforementioned items.
3. Provide the portal access and login information to the auditor.
4. Extra bonus: Show them around the interface (it will save you valuable time, money and energy).

Authors

Marta Stone
