Legacy Software Recreation for SOX
What Feet Do These SOX Go On
In December 2019, we were given a heads-up that several servers were still running Windows 2008R2, which was ending support the next month. These were critical systems for compliance auditing and we could not be without them. The software running on them was legacy and incompatible with anything newer. Under a tight timeline, I analyzed several proprietary applications for functionality upon retirement of these systems, supporting re-implementation on a modern architecture as well as the legacy framework to prove correctness.

During my analysis, I documented and re-implemented all of these applications, written in various languages, that manage our service accounts and file integrity monitoring for our SOX and SOC2 compliance. In all cases, code was not available, so I handled every aspect of the project, including analysis and functional requirements gathering, scope setting, milestones, all development, testing, implementation, and deployment. I also added several feature enhancements, such as depth limits, stable sorting for fast audit comparisons against a baseline, and condensing inherited and replicated permissions.
What is more, my re-implemented programs demonstrated errors in their closed-source legacy counterparts which could have caused an audit finding. The new applications are more accurate and contain audits of themselves alongside their findings. In the end, we now have more accurate data and a much better audit trail for our compliance team.