
Alteryx Server Discussions

Find answers, ask questions, and share expertise about Alteryx Server.

SOX Compliant

brad_j_crep
8 - Asteroid

Has anyone else dealt with SOX compliance using Alteryx Server?  How did you manage it?

 

Thanks,

Brad

14 REPLIES
danilang
19 - Altair

Hi @justindavis 

 

The process that I described at the start of this thread has worked well for us. We already had a robust change management process in place, so adding Alteryx to it was relatively straightforward. The challenges that we're facing now are around data provenance. In traditional systems all data was controlled by IT, so it was fairly easy to take a piece of financial data and trace it back through the various systems to the source. With user-designed workflows, the data could come from anywhere, so we're engaging/educating the users to document and approve data sources to make it easier to explain data when the auditors roll around.

 

Dan

hroderick-thr
11 - Bolide

I've been around long enough to know that SOX stands for Sarbanes-Oxley and to have earned bookoos of money contracting to make publicly traded companies compliant. The statute drove many, many great companies into private ownershipped hedge funds. In sum, SOX has been a POX on American business.

 

You have to get past the SOX how and understand the minimum root requirements of SOX, which are authorized signoff of any production changes and a functioning disaster plan.

 

Tools like Alteryx Desktop and Tableau got their start when SOX began making IT changes too costly to be affordable and too slow to be useful. Shadow IT began to be the way innovative companies got things done.

 

I too am working now to allow business to develop new assets using Alteryx and Tableau while re-imagining the compliance how.

 

Out of the gate, you need to define what is "production". For Alteryx, an asset is production if it is part of a scheduled process, and we only allow admins to schedule. Also, our analysts (short for dispersed Shadow IT) have a sandbox they can develop in, and it is periodically checked. If anything is shared outside their team and has been in use for a few months, they are required to make it 'production'.

 

We do a lot of training, support, help, and encouragement for our analysts to keep a good relationship, so they understand the why of these boundaries and support our enforcement. SOX compliance in its purest form is achieved by assigning a responsible asset owner who approves people's use of the asset, which is backed up by reliable server snapshots. Anything more is busy work. We are making a cultural shift and it is working pretty well.

ckulczytzky
5 - Atom

Hi Dan,

 

Do your scripts go against the source systems, and/or is there a middle layer?

 

Do you permit write back to the source system (file updates or UI update)?

 

Thanks,

 

Chris

 

niat_alteryx
6 - Meteoroid

Hello danilang,

 

We set up a new sandbox and prod environment of Alteryx and need your support in setting up a governance process.

 

The sandbox hardware configuration is the same as PROD, and we are not able to identify the correct guidelines to make the best use of the environment and make life easy for administrators as well as business users.

 

How can we connect for a short call?

 

Br,

niat

pmaier1971
Alteryx

For future reference, this link may be useful:

 

Transforming SOX Testing Leveraging Alteryx: A Playbook