@scottalanmiller said in Audits, and more audits:
@bbigford said in Audits, and more audits:
@scottalanmiller said in Audits, and more audits:
@bbigford said in Audits, and more audits:
@scottalanmiller said in Audits, and more audits:
We specifically proposed "audit reductions" in some system changes that we proposed for a client just last week.
Can you clarify on how you plan on reducing audits?
In our case, removing all Windows products so that MS can't call for an audit.
How many random Microsoft audits have you had so far in your career? Random as in not triggered by a disgruntled employee calling something in (heard of that happening many times), or anything else that forces a trigger.
My personally, believe it or not, zero. But I have so little Windows in my environments and/or are in environments with licenses that keep audits from happening.
Sorry, I don't mean you personally (as in your personal assets, businesses you directly own or co-own, etc). I mean you as in the consultant for businesses you have no investment in beyond what they are paying you as a consultant. Basically, Company X doesn't have internal IT or development, and they hire you or the company you're employed by and consulting/designing/implementing for. Do any of those clients require PCI/SOC2/HIPAA/CIPA compliance? If so, I'd definitely like to fork this thread and cover some of that because those compliance standards are not really up to me (PCI, HIPAA, and SOC2 auditors reach out annually), so I'd be interested in how you're handling beyond annual (legally). I prefer SOC2 because SOX is a joke. Not sure if you are currently supporting SOC2 since I'm not entirely sure how NTG is handling certain client data as either a fully managed provider, strictly hosting solution, or anything else specifically. Very interested in more aspects though.