OK, you know it's coming. You've known it's been coming for a while now. You've done little preparation though. You've been too busy keeping the lights on and sneaking in the occasional new feature. It's audit time!
It's a strange feeling, the collective shiver that goes through the IT department at audit time. For the execs and managers fear and stress permeate. Did we resolve everything from last time? What else could have popped up? What KPIs do I have to hit for my bonus?
For staff it's more likely annoyance and resignation. Great, another 4 weeks of trawling through configs, piecing together CSV files, making up reports and working on their ninja exits when a prowling auditor enters.
It doesn't have to be like this though, especially when it comes to your system configurations. If you capture your audit requirements in the form of executable tests then audit time becomes a breeze. We're already doing this, you say? That's cool, maybe you're scripting them up. Let me ask you this though:
Are the audit requirements captured in a format that everyone can read?
Can you execute them remotely and get compliance status back in real time for all your servers?
Can you execute them on a schedule to prevent drift from a compliance state year round?
Do they spit out reports you can hand to auditors before they've even asked for them?
If your answer to any of these questions is "No" then you should consider implementing a truly automated system configuration testing solution like UpGuard.