1. It’s Audit Time so Panic and Freak Out
OK, you know it’s coming. You’ve known it’s been coming for a while now. You’ve done
little preparation though. You’ve been too busy keeping the lights on and sneaking in the
occasional new feature. It’s audit time!
It’s a strange feeling, the collective shiver that goes through the IT department at audit
time. For the execs and managers fear and stress permeate. Did we resolve everything
from last time? What else could have popped up? What KPIs do I have to hit for my
bonus?
For staff it’s more likely annoyance and resignation. Great, another 4 weeks of trawling
through configs, piecing together CSV files, making up reports and working on their ninja
exits when a prowling auditor enters.

2. It doesn’t have to be like this though, especially when it comes to your system
configurations. If you capture your audit requirements in the form of executable tests
then audit time becomes a breeze. We’re already doing this, you say? That’s cool,
maybe you’re scripting them up. Let me ask you this though:
Are the audit requirements captured in a format that everyone can read?
Can you execute them remotely and get compliance status back in real time for all
your servers?
Can you execute them on a schedule to prevent drift from a compliance state year
round?
Do they spit out reports you can hand to auditors before they’ve even asked for
them?
If your answer to any of these questions is “No” then you should consider implementing
a truly automated system configuration testing solution like ScriptRock.
Happy audits,
Alan.