SSAE 16 Certification (GRX)

Walter D Vaughan Jr wvaughan at steelerubber.com
Thu Dec 20 08:27:30 PST 2012 

Top posted 'cause I am too lazy and I use a broken email client.

SUBVERSION could be your friend http://subversion.apache.org/
and http://tortoisesvn.net/ is a pretty easy to use windows client

Be aware that most of these compliance things (PCI, HIPPA) are written with
windows programs in an Active Directory environment in mind.

Not me, but it might be interesting for someone to have a long talk with
fpTech to investigate the cost of incorporating AD Kerberos single sign on
for windows clients.

Then you manage all logins and passwords from AD which has all the tools
they are asking for. 

BUT you still don't have Sarbanes-Oxley type compliance without some way to
log CRUD changes to data and control on who can run what applications.
So the smart aleck answer is you can't with filePro without a ton of work.

Maybe the fine folks at vss http://vss3.com/mosindex.htm can help.


-----Original Message-----
From: filepro-list-bounces+wvaughan=steelerubber.com at lists.celestial.com
[mailto:filepro-list-bounces+wvaughan=steelerubber.com at lists.celestial.com]
On Behalf Of Chris Sellitto
Sent: Thursday, December 20, 2012 10:20 AM
To: filepro-list at lists.celestial.com
Subject: SSAE 16 Certification (GRX)

Happy Holidays Everyone.

filePro(r) 5.0.14
Windows environment. (Server 2008) (WinXP, Win7 workstations)

Our company is trying to become SSAE 16 certified.  Upon review there were
several issues regarding filePro(r).  Some we can handle, and some we are
trying to figure out.  One of their findings was with passwords.  To be
specific, they wanted to see at least 90 day expiration of passwords.
Minimum length 6-8 characters.  A password history of 6.  Password
complexity requirement enabled (combo of alpha and numeric characters).  

Also, as it pertains to menu passwords, we only have one password assigned
to a menu that many users know.  They would like to see individual passwords
for each user to that menu.

Also does anyone use any type of version control software with filePro(r)?
They want a more comprehensive way of tracking program changes than the one
that we use, which is pretty much just commenting within our code.

Any help or suggestions are always appreciated by this group.

Thank you in advance.
Chris Sellitto
VP IT
Guaranteed Returns
_______________________________________________
Filepro-list mailing list
Filepro-list at lists.celestial.com
Subscribe/Unsubscribe/Subscription Changes
http://mailman.celestial.com/mailman/listinfo/filepro-list

More information about the Filepro-list mailing list