Software Development Compliance – Internal control audits
Cindy VanEpps, IBM Rational software
Last updated: February 08, 2013
Build basis: IBM Rational Collaborative Lifecycle Management (CLM) v3.0.1.x, v4.0.x (Rational Team Concert)
This is the fifth and final in a series of articles on how the Rational solution for Collaborative Lifecycle Management (CLM) support software development compliance. It is highly recommended you first read the overview article in the series before proceeding.
To support internal control audits, you first have to document how you have implemented the controls then prove that your teams are following them. The other articles in this series give examples of how you can automate internal controls related to work authorization, segregation of duties and process change control. In this article, we will demonstrate:
- Generation of audit reports that capture historical proof of adherence to process and compliance rules
- Traceability from internal controls to implementation and testing of those controls to provide an audit trail
The attached PDF file provides a walk through with screen shots of examples of these implementations. This is a subset of a hands-on lab exercise that walks through the solutions in detail. We also provide the RPE document templates used in the examples to help you get started.
For more information
- Work Authorization and Requirements Integrity
- Segregation of duties in Regulated Software Development
- Process change control
- Support for Capability Maturity Model Integration
- Open Source Policy Compliance
About the author
As an Industry Solutions Lead for Rational, Cindy VanEpps leads several initiatives that tie together an integrated set of Rational tools to support specific scenarios. She recently led the effort to create a solution for the Financial Services Sector to support planning for compliance based on portfolio management and collaborative lifecycle management. Creating simplicity and elegance from the complex and horrendous is her passion. She can be contacted at firstname.lastname@example.org.
Copyright © 2012 IBM Corporation