Search
Topics
  Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Feedback
· Forums
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account

Current Membership

Latest: ciseedyexorse
New Today: 39
New Yesterday: 201
Overall: 130602

People Online:
Visitors: 45
Members: 0
Total: 45

Languages
Select Interface Language:


Major ITIL Portals
For general information and resources, ITIL and ITSM World is the most well known for both ITIL and ITIL Books. A shorter snapshot approach can be found at ITIL Zone

Related Resources
Service related resources
Service Level Agreement
Outsourcing

Note: ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


The Itil Community Forum: Forums

ITIL :: View topic - Electronic RFC vs paper
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Electronic RFC vs paper

 
Post new topic   Reply to topic    ITIL Forum Index -> Change Management
View previous topic :: View next topic  
Author Message
rmch
Newbie
Newbie


Joined: Aug 04, 2006
Posts: 5

PostPosted: Wed Sep 06, 2006 2:53 am    Post subject: Electronic RFC vs paper Reply with quote

Do you have any comments on electronic RFCs from an auditor's perspective?

Apparently our managers feel we need paper RFCs because the auditors ask to see hand-written signatures.

I feel there must be a way to use digital signatures in this day and age...
Back to top
View user's profile
m_croon
Senior Itiler


Joined: Aug 11, 2006
Posts: 262
Location: Netherlands

PostPosted: Wed Sep 06, 2006 3:02 am    Post subject: Reply with quote

Hi RMCH,

There are plenty of service management tools that support an automated workflow for (non standard) change management. Personally, I have good experience with both Assyst from Axios and HP Service Desk. I cannot believe that an auditor wants to see paperwork when you can have such a powerfull solution in operation.

Good luck with your auditors, Wink

Michiel
Back to top
View user's profile Visit poster's website
itilimp
Senior Itiler


Joined: Jan 20, 2006
Posts: 172
Location: England

PostPosted: Wed Sep 06, 2006 3:21 am    Post subject: Reply with quote

What Michiel said... +

The auditors I know are far more interested in evidence that the process and whether procedures have been followed rather than a paper signature that says they have. I'd go so far as to say that automation of such things that will not permit you to go any further without the appopriate authorisation are less subject to abuse than a paper based system.
Back to top
View user's profile Visit poster's website
Ed
Senior Itiler


Joined: Feb 28, 2006
Posts: 411
Location: Coventry, England

PostPosted: Wed Sep 06, 2006 9:47 pm    Post subject: Reply with quote

What itilimp says x 2 especially when dealing with a paper system - I use one and can, therefore, be considered in the know.

Regards

Ed
Back to top
View user's profile
Guerino1
Senior Itiler


Joined: Jan 01, 2006
Posts: 500
Location: New Jersey

PostPosted: Fri Sep 08, 2006 6:42 am    Post subject: Reply with quote

Hello Rmch,

Some things to keep in mind.

A few electronic systems out there, such as our own, require authenticated logins and ensure that every creation, modification, etc. to any and all data is fully timestamped, traced back to the resource performing the action, and that full history details are kept for detailed audit reviews. In such a case, we have yet to come across a single auditing organization that wouldn't accept the electronic data as the definitive source.

The only time it should be an issue is when there is no history and audit records can't be traced back to fully entitled and authenticated users of the system.

The other thing I recommend (on the assumption that the auditors are internal) is to go to the auditing organization and simply ask "why" they require a manual signature. You might find that this might simply be an antiquated/legacy policy that could easily be updated to match the digital age and more modern practices, especially if you can make auditors' lives easier and provide them with more (and more accurate) information. If the auditors are external, then you may want to question their ability to perform quality audits, because we have some of the biggest auditing firms in the world, here in the US, and they're pretty open to accepting electronic trails.

Anyhow, I hope this helps.

Regards,
_________________
[Edited by Admin to remove link]
Back to top
View user's profile Send e-mail Visit poster's website
UKVIKING
Senior Itiler


Joined: Sep 16, 2006
Posts: 3250
Location: London, UK

PostPosted: Sun Sep 17, 2006 6:25 am    Post subject: Electronic RFCs versus paper trail Reply with quote

The Change Management tool which I used (and developed) was an Electronic one.

When we were audited for various standards - the auditer only wanted to see the following

There was a defined process and procedures
There were controls in the process and checks
There was an audit trail of who does what and when.
There was method of notifications and communications

To be honest, an electronic RFC is the best...if they want paper... print the e-RFC out.

John Hardesty
Back to top
View user's profile
ryanhardcastle
Newbie
Newbie


Joined: Aug 14, 2006
Posts: 16
Location: London, UK

PostPosted: Mon Sep 18, 2006 10:31 pm    Post subject: Reply with quote

Hi rmch,

When you say auditors, what is it they are auditing?

I think the answers so far have focused on the audit of the processes/procedures.

In my organisation we have auditors for this purpose but also financial audits which are entirely seperate from the service management audits.

The financial auditors prefer to see physical signed copies as they are probably harder to forge but a wider initiative has overrulled them by the introduction of e-filing tool etc which contains an electronic audit trail anyway.

As long as what, who, when and how is recorded it keeps everyone happy. Almost all of the SM tools will have some sort of facility to do this.

Ryan
Back to top
View user's profile
rmch
Newbie
Newbie


Joined: Aug 04, 2006
Posts: 5

PostPosted: Fri Jan 26, 2007 3:48 am    Post subject: Thanks Reply with quote

Thanks for the feedback.

Financial auditors are indeed involved. (ex: For SOX).
Back to top
View user's profile
skeptic
Newbie
Newbie


Joined: Feb 20, 2007
Posts: 14

PostPosted: Tue Feb 20, 2007 7:25 pm    Post subject: Reply with quote

get them to define exactly which categories of change require a written signature: keep the scope tight. For only those ones, make one step in the workflow be to print it out and get it signed and file it. For everything else just get on with life.
_________________
The IT Skeptic
see you at itskeptic.org
Back to top
View user's profile Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> Change Management All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

Logos/trademarks property of respective owner. Comments property of poster. Rest 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.