DPAS SCR: 01722



  • SCR Number
    01722
  • Title
    DPAS System Admin Review Process
  • DPAS Module
    Enterprise
  • Reporting Organization
    Leidos
  • State
    Done
  • History
    Submitted: 30 Aug 2021
  • Description
    Description:
     
    DPAS received a NFR for its 2021 SSAE 18 audit review for its review of system processes.  Currently DPAS's DAC, Quartz, and Pendulum processes provides no confirmation process when a DPAS administrator reviews background processes.  DPAS does produce a daily report relating to the DAC processes (Batch, Reports and Process Queue), but even within, DPAS does not have a documented process that indicates that DPAS has reviewed the report and has taken action when an action is required.  
     
    Recommended:
     
    DPAS develop a process where the System Administrator can confirm that a review of the processes was performed and the date/time it was performed.  The goal would be to have a single control that can be implemented throughout the system where the SA could select, and enter comments to confirm that a review was completed.  Upon Save, the process would write a row to a table containing the Users Id, Date/Time, what process was reviewed and the comments they may have entered.  When requested to show proof that the reviews were being conducted in accordance with the DPAS procedures, DPAS could export the data to provide validation that the review is being performed.
     
    Mission Critical:
     
    Yes - Satisfy the SSAE18 audit process, without having to save the page, convert it to PDF and digitally sign it every time a review is performed.  
     
    Benefits:
     
    Reduces the cost to validate the reviews are being performed and provides positive confirmation.  
     
    Users:
     
    This supports the SSAE 18 / MDS requirements for positive validation that DPAS is reviewing the system in accordance to its procedures.