Phire Soft "The Only Thing Constant is Change."
Compliance
 
Regulatory and Internal Compliance
 
Sarbanes-Oxley Act Key sections of the Sarbanes-Oxley Act of 2002 require public companies to provide greater “internal controls,” auditing capability and real-time reporting for their financial systems. Section 404, which provides for “Internal Controls”, is by far the most important to IT managers and employees as it addresses directly the underlying control systems such as PeopleSoft Financials.

Section 404, effectively requires public firms to ‘establish and maintain internal control structures and procedures for financials reporting’ AND ‘report on the effectiveness of the internal control structure’.
How Phire Can Help You Achieve SOX Compliance There are no organizations or groups recognized by any government entities that certify software as being SOX compliant. Instead, application change management software like Phire is a tool that enables companies to achieve SOX compliance by enabling companies to enforce controls, implement established change management processes, and meet reporting requirements. The table below lists some of the principles and practices utilized by companies to meet the standards set forth by Section 404 of the Sarbanes-Oxley legislation.
SOX Section 404 Principles/Practices Phire
Segregation of Duties – roles and responsibilities are segregated to prevent conflicts of interest, risk of fraud, and enables better checks and balances. Phire's workflow feature coupled with row level security allows organizations to define custom change management processes that segregate tasks depending on the role. This allows the separation of tasks among developers, testers, migrators, and approvers.
Gated processes - implementation of controls to prevent continuation of the process until pre-requisite process is completed such as manager approval or system testing. Gated processes can be defined with Phire to require pre-requisite tasks to be completed before the change management process can continue. Thus, you can require and enforce successful testing or manager approval prior to the migration task.
Auditing Capability – ability to capture and report on historical record of all changes including who, when, what, and why. Phire is the central repository for all the activities associated with incidents and change requests. Detailed transactional data such as whom and when a migration was performed is captured by Phire and this information is accessible via online pages or delivered reports.
Real Time Monitoring and Tracking – ability to track and monitor the entire life cycle of a change request in real time. Phire's flexible reporting and query capabilities allow for monitoring of activities in the system from high-level management statistics to the detailed issues and change request tasks that are on-going. The Issue/Change Request Tracker provides an easy search and navigation point to everything going on in the system with the ability to drill into individual items.
Analysis of Results - periodic and regular operational reviews, metrics, and other key performance indicators (KPI's). The detailed historical information accumulated in the Phire repository provides the opportunity to analyze performance across numerous metrics including types of requests, functional areas, urgency, specific users and time-frames. Based on your needs specific queries and reports can be developed to provide timely analysis of the important activities in your organization.
IT Security – implementation of proper security to prevent unauthorized access to data. Phire is tightly coupled with the PeopleSoft infrastructure and security which results in an industry-proven security solution. In addition, security within Phire has been extended to include row-level permissions to enable organizations to implement security solutions that are highly flexible with a greater granularity.
Code Versioning – backup versions of code during development and prior to migrations to enable fallback and prevent loss of work. One of the main features of Phire is the ability to version all PeopleTools objects as well as any file objects. Code versioning can be built into your change management process to allow easy back out of code changes from production. Detailed information on each historical version of the object is easily accessible using online pages.
Reporting on Effectiveness of Controls – ability to report on process exceptions, security violations, and violations to implemented controls. Phire contains a set of compliance reports that show the effectiveness of the controls you have implemented. There are reports that show security violations, migration exceptions, and control data changes.
Phire Phire
Home | Products | Customers | Partners | About Us | Contact Us | Support