October 12, 2012

5 Key Questions for Auditing and Compliance - Was a Change Authorized?

Git at Scale

copyright paths(Last post in a five-part series on auditing and compliance)

Wrapping up our series on answering 5 key questions for auditing and compliance, let's turn to the question of making sure that a change was authorized. That's a key process control topic and of keen interest if you're dealing with ISO regulations or complying with security requirements.

This question really has to be answered across your organization, and it'll touch on most of your ALM processes. From a version management perspective, Perforce gives you two important tools. First, Perforce provides a holistic approach to access control that governs who is allowed to read and write to certain parts of the repository. The relevant information is captured in Perforce's spec depot for historical purposes. Since Perforce's access control now extends to Git repositories through Git Fusion, you have a solid backing to prove who was allowed to change certain data at any time.

Second, Perforce gives you a leg up in making sure that an authorized user made a change for the right reason, as we discussed in the last article.

That's it for this short series of articles on auditing and compliance. While not a glamorous part of the job, ensuring that your team and IP are following all the relevant standards and maintaining a safe audit trail are a big part of enterprise configuration management. Perforce gives you the tools you need to be successful — and now with Git Fusion those tools cover your Git repositories as well.

Read Part 4 of the series: Why was a Change Made?

To learn more about IP security and the America Invents act in read IP Security: Covering Your Bases in a Global Development Environment.