
Alteryx Server Discussions

Find answers, ask questions, and share expertise about Alteryx Server.

SOX Compliant

Asteroid

Has anyone else dealt with SOX compliance using Alteryx Server?  How did you manage it?

 

Thanks,

Brad

Pulsar

Hi @brad_j_crep

 

We're just starting down this path ourselves.  We're treating it like any other server and setting up governance around access and procedures.

 

  • We've set up 2 separate environments, dev and prod
  • All workflows are developed and tested in our dev environment
  • All workflows are stored in a source-control system throughout the lifecycle
  • All workflows, whether developed by our IT staff or by the business, are reviewed by IT to ensure adherence to corp standards  
  • All workflows go through a documented QA/UAT process before promotion.
  • Any workflow promotion or change to the configuration on the prod server goes through our change management procedure.
  • Access to prod is tightly controlled and monitored.  Only admins can access the server.  The Gallery, of course, can be accessed in read-only by the users.
  • All queries from the Alteryx server are directed to stored procedures on a link server.
    • These procedures track usage information such as user info, execution time, etc.
    • All procedures are strictly parameterized, to control data flow in both directions
    • Write-procedures go through our DB acceptance procedure
  • All of this is documented and tracked

 

Then when the auditors roll up, we'll just dump the relevant info for whatever they're interested in.

 

Hope this helps

 

Dan

Asteroid

So going through all the procedures, what is the time it takes for an average workflow to go from thought to publishing on the production server?  Is it possible to break it down by area?  I'm thinking of general numbers, not specific.

 

Thank you!  It's great to see how other companies handle their server.

 

Brad

Pulsar

Like I mentioned in the original post, we're just starting down this path with Alteryx and we haven't pushed anything to prod yet.  Generalizing from our other changes, .Net, Oracle procs, etc., from the end of UAT to production release generally takes a couple of days.  We've been doing this since SOX was first implemented, so we have the process running rather smoothly.

 

Dan

 

 

Atom

Hi Dani, I realize this post is a month old but wanted to ask if you have made any more progress with respect to the SOX?  I work in finance and recently got an Alteryx licence.  It is a great tool but my boss has concerns about the compliance aspect.  I use it to pull sales and other P&L information that feeds into a report in Tableau.  Any information would be greatly appreciated!

Pulsar

Hi @mkbatjnj

 

The key points about the SOX process are compliance and documentation.  The compliance part comes in from the start of the data input process.  Are your data sources certified?  Are they secure?  Next comes the actual workflow itself.  Has it gone through a formal QA/UAT process? What guarantee do you have that the transformation processes in your workflow generate the data that you say they do?  Then comes promotion to production.  Do you have a change management process? Is your prod environment secure? Are you logging access and workflow executions?  Wrapping all this is the documentation.  You need to document all the steps and be able to answer when an auditor asks "Where did this piece of data come from and how can you be sure you can trust it?"

 

If you're already doing this for your other finance applications, the main difference will be the ease with which Alteryx can be used to pull in almost any data source.  This is the area that you'll need to put extra compliance around.

 

Dan

Atom

Dan,

 

Thank you for your explanation.  I am a total newbie to Alteryx and trying to learn as much as possible.  I appreciate your quick response.

 

Mary