a very generic question, open to discussion: I see more and more regulations for EUC (end user computing). Here it is starting as well. I wonder if anyone covers this topic in Erambe? I can imagine that we could (mis-)use the asset management module for maintaining an inventory of critical EUC applications and perform the annual review by triggering the asset review on the asset owner. We could even collect the information on potential EUC by setting up an assessment questionnaire.
Would this make sense?
i never encourage people to use eramba as an inventory tool because is frankly speaking a horrible inventory tool, there is a whole industry dedicated to create and mantain inventories. grc functions doing company wide inventories give the resource limitations also is in my view hard to achieve. remember, eramba controls test a process not an “asset”. of course, we sample a number of assets to decide if the process works, but we always test and improve a process.
Concerning the regulations: I did some internet research and I got the feeling that it’s slowly coming down from the big enterprises which are SOX regulated to some regulated industries like finance. I was told that it exists already in the UK and Germany (but didn’t check myself). Specifically in Switzerland we are now getting audited on a EUC framework because it’s apparently recommended by the banking authority to the audit firms, no regulation yet but I guess it will come as soon as the regulator sees the horrible results …
…