| View previous topic :: View next topic |
| Author |
Message |
rmch
Newbie
Joined: Aug 04, 2006
Posts: 5
|
 Posted: Wed Sep 06, 2006 2:53 am Post subject: Electronic RFC vs paper |
 |
|
Do you have any comments on electronic RFCs from an auditor's perspective?
Apparently our managers feel we need paper RFCs because the auditors ask to see hand-written signatures.
I feel there must be a way to use digital signatures in this day and age... |
|
| Back to top |
|
 |
m_croon
Senior Itiler
Joined: Aug 11, 2006
Posts: 262
Location: Netherlands
|
| Posted: Wed Sep 06, 2006 3:02 am Post subject: |
|
|
Hi RMCH,
There are plenty of service management tools that support an automated workflow for (non standard) change management. Personally, I have good experience with both Assyst from Axios and HP Service Desk. I cannot believe that an auditor wants to see paperwork when you can have such a powerfull solution in operation.
Good luck with your auditors, 
Michiel |
|
| Back to top |
|
|
itilimp
Senior Itiler
Joined: Jan 20, 2006
Posts: 172
Location: England
|
| Posted: Wed Sep 06, 2006 3:21 am Post subject: |
|
|
What Michiel said... +
The auditors I know are far more interested in evidence that the process and whether procedures have been followed rather than a paper signature that says they have. I'd go so far as to say that automation of such things that will not permit you to go any further without the appopriate authorisation are less subject to abuse than a paper based system. |
|
| Back to top |
|
|
Ed
Senior Itiler
Joined: Feb 28, 2006
Posts: 411
Location: Coventry, England
|
| Posted: Wed Sep 06, 2006 9:47 pm Post subject: |
|
|
What itilimp says x 2 especially when dealing with a paper system - I use one and can, therefore, be considered in the know.
Regards
Ed |
|
| Back to top |
|
|
Guerino1
Senior Itiler
Joined: Jan 01, 2006
Posts: 500
Location: New Jersey
|
| Posted: Fri Sep 08, 2006 6:42 am Post subject: |
|
|
Hello Rmch,
Some things to keep in mind.
A few electronic systems out there, such as our own, require authenticated logins and ensure that every creation, modification, etc. to any and all data is fully timestamped, traced back to the resource performing the action, and that full history details are kept for detailed audit reviews. In such a case, we have yet to come across a single auditing organization that wouldn't accept the electronic data as the definitive source.
The only time it should be an issue is when there is no history and audit records can't be traced back to fully entitled and authenticated users of the system.
The other thing I recommend (on the assumption that the auditors are internal) is to go to the auditing organization and simply ask "why" they require a manual signature. You might find that this might simply be an antiquated/legacy policy that could easily be updated to match the digital age and more modern practices, especially if you can make auditors' lives easier and provide them with more (and more accurate) information. If the auditors are external, then you may want to question their ability to perform quality audits, because we have some of the biggest auditing firms in the world, here in the US, and they're pretty open to accepting electronic trails.
Anyhow, I hope this helps.
Regards,
_________________
[Edited by Admin to remove link] |
|
| Back to top |
|
|
UKVIKING
Senior Itiler
Joined: Sep 16, 2006
Posts: 3110
Location: London, UK
|
| Posted: Sun Sep 17, 2006 6:25 am Post subject: Electronic RFCs versus paper trail |
|
|
The Change Management tool which I used (and developed) was an Electronic one.
When we were audited for various standards - the auditer only wanted to see the following
There was a defined process and procedures
There were controls in the process and checks
There was an audit trail of who does what and when.
There was method of notifications and communications
To be honest, an electronic RFC is the best...if they want paper... print the e-RFC out.
John Hardesty |
|
| Back to top |
|
|
ryanhardcastle
Newbie
Joined: Aug 14, 2006
Posts: 16
Location: London, UK
|
| Posted: Mon Sep 18, 2006 10:31 pm Post subject: |
|
|
Hi rmch,
When you say auditors, what is it they are auditing?
I think the answers so far have focused on the audit of the processes/procedures.
In my organisation we have auditors for this purpose but also financial audits which are entirely seperate from the service management audits.
The financial auditors prefer to see physical signed copies as they are probably harder to forge but a wider initiative has overrulled them by the introduction of e-filing tool etc which contains an electronic audit trail anyway.
As long as what, who, when and how is recorded it keeps everyone happy. Almost all of the SM tools will have some sort of facility to do this.
Ryan |
|
| Back to top |
|
|
rmch
Newbie
Joined: Aug 04, 2006
Posts: 5
|
| Posted: Fri Jan 26, 2007 3:48 am Post subject: Thanks |
|
|
Thanks for the feedback.
Financial auditors are indeed involved. (ex: For SOX). |
|
| Back to top |
|
|
skeptic
Newbie
Joined: Feb 20, 2007
Posts: 14
|
| Posted: Tue Feb 20, 2007 7:25 pm Post subject: |
|
|
get them to define exactly which categories of change require a written signature: keep the scope tight. For only those ones, make one step in the workflow be to print it out and get it signed and file it. For everything else just get on with life.
_________________
The IT Skeptic
see you at itskeptic.org |
|
| Back to top |
|
|
|
Forum FAQ
Search
Usergroups
Profile
Log in to check your private messages
Log in
