User Developed Applications: Compliance Process and Approach
BACKGROUND
UDAs, or User Developed Applications, are in-house developed applications. They can take the form of databases, spreadsheets or standalone executable programs. They have access to internal applications and private data.

These applications are often delivered to external groups and thus must fall under the scrutiny of tight security standards.
BUILDING SUSTAINABLE COMPLIANCE FRAMEWORK AND CONTROLS
Two methods (approaches) can be used to achieve a holistic, business-driven approach to the compliance requirement. Both are based on the PDCA (Plan-Do-Check-Act) model and encompass people, process and technology.
TOP-DOWN APPROACH
• Review and gap analysis of controls in the existing documented standard UDA process, with recommendations based on the assessment.
BOTTOM-UP APPROACH
• Identify a sample of applications that is representative of all the UDA process activities;
• Review the gap analysis of controls and document the requirements as a ‘Controls Guidance’ document;
• Develop, standardize and document the UDA process;
• Embed key controls based on the ‘Controls Guidance’ document.
USE CASE PROCESS MODEL
The figure below describes the process for UDA evaluation (strategic, operational and tactical).

There are several benefits to this process, including but not limited to:
• Built-in and enhanced internal controls at the process level that map to all UDA applications, so that they conform to government regulations;
• A business-driven approach that ensures alignment with business requirements;
• A common and sustainable compliance framework across the organization, encompassing the people, process and technology triad;
• Emphasis on the importance of governance across the organization, with continuous process and controls improvements;
• Effective management to dynamically address organizational, regulatory and market changes as they occur within the PDCA model;
• A cost-effective model.