The client is an Asian regional headquarters of a large apparel manufacturing company traded on the New York Stock Exchange, with more than 50,000 employees worldwide and annual sales of approximately $500 million. This company is home to some of the best-known clothing brands in the world.
As the client is publicly traded in the United States, the organization falls under Sarbanes-Oxley (SOX) compliance requirements. For the IT department, this involves taking the required steps to increase the security of all IT systems and applications. It also involves minimizing the risks associated with application development and maintenance by preventing unauthorized changes to the application.
While the client prefers developing applications in IBM Notes, they found the platform did not lend itself to making the development environment as secure as their internal control procedures required. Existing policies required segregating duties between the development and deployment teams. Developers were not supposed to make changes to any production application, leaving application maintenance activities to the deployment team. Because their policies could not be enforced, the "honor system" was the method used for application access control.
The Teamstudio Solution
After a detailed discussion with Teamstudio, the client learned how Teamstudio CIAO!® could provide the source code control they needed in order to prevent unauthorized access to application design. CIAO! could also be used to prevent developers from making application changes in the production environment.
By using CIAO!, the client has completely locked down access to IBM Notes application design, ensuring that only authorized personnel are able to make changes to the applications. CIAO! has effectively denied developers access to the production environment. CIAO! allows the client to enforce their policy of separating the development and deployment teams.
An unanticipated benefit of implementing CIAO! was the ability for the client to provide a complete audit trail of application access and changes. The client is now able to generate reports that include an audit trail of what was changed and by whom, when the change occurred, and why the change was made. Compliance is an important consideration for the client, and CIAO! provides them with complete reporting for each of their IBM Notes applications, down to the design element.
CIAO! gave the client the means to deliver the necessary IT governance to IBM Notes, a platform that has traditionally been difficult to control. After implementing CIAO!, the organization went through a SOX audit. Having a defined, documented, enforceable, and sustainable process for managing development enabled them to pass the SOX audit without a problem.