Business and Technology Consulting

Is Your SDLC too bloated for SOX?

The Sarbanes-Oxley Act of 2002 has driven many companies to strive for best practices in the Software Development Life Cycle. The problem is that most companies are not truly software developers. These companies fail when they try to implement an SDLC process designed for IBM or Microsoft.

We worked with one company where the SDLC process document had grown to 92 pages. Using the Control Objectives for Information and related Technology (COBIT) guidelines, we shrank it to 10 pages covering the following areas:

  • Initiating Requests 
  • Ad-hoc Requests 
  • Analysis 
  • Acquisition of Third-Party Software
  • Design 
  • Development 
  • Testing 
  • Implementation 
  • Project Management 
  • Maintenance

To assure compliance, we cited the COBIT guidelines directly. Remember, the key to compliance is having appropriate, verifiable procedures. Does your SDLC fit comfortably into SOX?

(C)Copyright 2005, James T. Moran & Associates. All rights reserved.