E10 & SOX Compliance

Hello Awesome People!

My organization has to become SOX compliant and I’m hoping to get some general ideas on how to ensure Epicor meets the basic requirements, and what others here in the community have done. We do have a SOX expert advising us, but nothing system specific.

I’m familiar with the toolset available to us in E10 to lock things down, but in practice what is everyone doing? Some questions I have top of mind are:

Role based vs function based security groups?
Anyone logging changes to BPMs, BAQs, Dashboards?
SOD (Segregation of Duties), are your developers deploying the code they wrote?
Automated pipelining of deployments (I know, discussed to death and a huge wish for us E10 Devs!)

Any general guidance and examples would be much appreciated! Thanks!

Did you throw that on aha ideas too? @hasokeric

Thanks, I voted! May be good to get that on the official ideas website!

We are going to try and see if this product’s SOX reports will help us, as it lists it supports Epicor:

https://pathlock.com/category-sox/
