13 Apr SOX Software: Stepping up to Cloud Financials
Getting started with the cloud might be simpler than you think. In this blog we will focus on ERP Cloud and SaaS hosting for Microsoft Dynamics because that is our core competency here at RoseASP and we can speak from experience. However, regardless of the financial system you use, ERP SOX software cloud requirements are going to be very similar at their core.
There are several steps that need to be completed to move your ERP system to the cloud. In total, these steps don’t take that much time. Larger customers with multi-faceted organizations requiring SOX compliance software for accounting typically require a private hosting environment vs. a public cloud service.
Whether your corporate IT requirements are extremely complex or fairly simple, the steps in this blog post should help put you on the right path to the cloud.
Basic ERP SOX Software Cloud Requirements
The list below is a basic set of criteria for cloud hosting ERP for SOX software compliance in the cloud. You can learn more in-depth info from this SOX Compliance Checklist.
- Strict controls and advanced software and hardware tools used to restrict access and prevent breaches
- Policies and procedures in place to ensure any user access changes are authorized and processed in a timely manner
- Controls to ensure system security regarding user passwords, firewalls and encryption
- Policies establishing controls for the maintenance of user level access restrictions
- Multi-factor security infrastructure at data center sites including video surveillance
- 24/7/365 Customer support for application readiness and cloud support
- Strict controls around accessing customer data
- System monitoring and intrusion detection
- Standardized policy for tracking and responding to service requests
- Regular “test” restores to validate backup plan
- Recovery policies ensuring data integrity and standardizing ownership and responsibility
- Redundant power and fire suppression systems at data centers to protect against disaster events
- Redundant backup sites with a copy of the backup retained offsite from the data center
Going Cloud: The Basic Steps
Since 2000 we have moved hundreds of customers to the cloud at RoseASP and we have seen an extremely high level of success by following this process.
Step 1. Determine Compliance Requirements – Whether you are a publicly traded company with SOX software guidelines to follow or a HIPAA regulated entity, it is critical to know your requirements and to verify that a hoster can provide the necessary security and user access restrictions. It is also important that a hoster responds quickly to change requests and requests for change logs and other audit documentation.
Step 2. Hosting Quote – You need a hosting quote based on your specific requirements, and requirements vary quite a bit. At RoseASP, before we offer formal pricing, we want to make sure that we understand your needs and provide you with a quote that offers the most bang for your buck. Procuring a quote based on your requirements is a first critical step toward the cloud. Request a quote.
Step 3. Hosting Agreement – The hosting agreement is between the end user organization and the hosting company. A hosting agreement must be comprehensive to ensure your compliance needs are met, so you might want to review this free eBook on Service Level Agreements for Compliance. Agreements should include a financially backed uptime guarantee, backup and test schedules, and commitments to a published SOX Policy Library.
Step 4. System Setup – At RoseASP we start procuring the necessary hardware and software as soon as we receive system setup payment, and we complete the setup process in a matter of days. The setup payment is specified in our agreements upfront so there are no surprises.
The setup process generally consists of these items:
- Procure database server and client servers
- Install and configure server software
- Install servers into RoseASP environment
- Install databases
- Install client software
- Set up and test system backup policies
- Add users and notify with login credentials
Step 5. Users Setup – You will send a list of users that you want to initially have in your system. At RoseASP we control all user add, edit, and delete requests to provide audit traceability and ensure that the appropriate user access restrictions are in place to satisfy SOX software guidelines.
Step 6. Customizations and Add-ons – We will confirm the various Dynamics software and ISV (3rd Party) software you want in your system. If you are a current Dynamics Customer, we work with your Dynamics Partner to ensure your needs are met.
Step 7. Install application software – We will install all application software and acquire application licensing if specified in the Hosting Quote.
- If it’s a new system, we procure user licensing
- If it’s an existing system we confirm compatibility or upgrade to a current version
- Then we restore to the RoseASP environment
Step 8. Time for Testing – SOX regulated companies will need to go cloud with time in between “Test” and “Live” deployments so that you and your team can validate the system against your requirements and absorb the new features and functionality. The test phase should also be used to review existing custom reports. Custom code also needs to be tested and reviewed in depth before a live migration is scheduled.
RoseASP is a full-service cloud provider for audit-ready Microsoft Dynamics AX, GP, NAV, SL and CRM, offering flexible options from public, private and hybrid cloud environments including Azure Cloud. We specialize in FDA, SOX software hosting, and HIPAA (HITECH), enabling highly regulated businesses to leverage cloud technology to manage the growing complexity of corporate IT requirements while maintaining governance, security and compliance. For more information about RoseASP, visit RoseASP.com.