I was just reading about Brian Harry’s exploits with farm irrigation, free-range chickens and a dog with psychosis when I noticed his latest post was a pointer to a new whitepaper on MSDN that discusses Sarbanes-Oxley (SOX) compliance and TFS. I haven’t come across too many of these types of documents, so I wanted to advertise its existence.
Here’s the blurb from Andrew Delin on the VSTS Process Blog:
I’m pleased to say MSDN has just published our paper on Team System and Sarbanes-Oxley (SOX).
There seems to be some confusion around SOX and software development. SOX isn’t a standard for software, and no software tool can make a business “SOX compliant”. SOX relates to the management of transactions that affect assets, and is undertaken with the help of a qualified appraiser who defines a risk management framework for your business. Some of the risks identified may involve your software development activities. Because Team System closely shadows the software development process, it can be a good platform for gathering data in support of SOX objectives.
The paper looks at several example risk scenarios for a business and suggests ways to use Team System. (The paper doesn’t talk about more general functions like auditing with Team System, etc.)
Looks like I’ll be adding this blog to my must-read list.