There should be SoD controls in place so that no prod or lower environment dev/analyst can move code from lower environments to production unilaterally. You tend to see this failure in SoD right after implementations when Prod analysts have access to lower environments associated with the build pre-go-live.
Does the client use waterfall or agile method for developing, testing, and migrating changes to production? In an agile/DevOps model, engineers might have access to all environments but there should be controls in place to ensure no one can unilaterally develop and migrate changes (e.g. GitHub branch protection rules). In a traditional waterfall environment, the answer is a big no.
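
An added example, not part of the comments above: one way to test whether a GitHub branch protection rule actually prevents a single person from changing the production branch alone. Field names follow the GitHub REST API "Get branch protection" response; the function name and both sample payloads are constructed for illustration.

```python
# SoD review of a branch protection object (added example, constructed data).

def sod_findings(protection):
    """Return the settings that let one person change the branch alone."""
    if not protection:
        return ["branch has no protection rule"]
    findings = []
    reviews = protection.get("required_pull_request_reviews")
    if not reviews:
        findings.append("pull request review not required (direct push possible)")
    else:
        if reviews.get("required_approving_review_count", 0) < 1:
            findings.append("zero approving reviews required")
        if not reviews.get("dismiss_stale_reviews", False):
            findings.append("approval is kept after new commits are pushed")
        if not reviews.get("require_last_push_approval", False):
            findings.append("most recent push need not be approved by someone else")
        bypass = reviews.get("bypass_pull_request_allowances") or {}
        if any(bypass.get(k) for k in ("users", "teams", "apps")):
            findings.append("bypass allowances let some actors skip review")
    if not (protection.get("enforce_admins") or {}).get("enabled", False):
        findings.append("administrators are exempt from the rule")
    if (protection.get("allow_force_pushes") or {}).get("enabled", False):
        findings.append("force pushes allowed (reviewed history can be rewritten)")
    return findings

# Constructed sample: a rule that enforces a second person on every change.
STRONG = {
    "required_pull_request_reviews": {
        "required_approving_review_count": 1,
        "dismiss_stale_reviews": True,
        "require_last_push_approval": True,
        "bypass_pull_request_allowances": {"users": [], "teams": [], "apps": []},
    },
    "enforce_admins": {"enabled": True},
    "allow_force_pushes": {"enabled": False},
}

# Constructed sample: reviews are "required", yet several paths skip them.
WEAK = {
    "required_pull_request_reviews": {
        "required_approving_review_count": 1,
        "dismiss_stale_reviews": False,
        "require_last_push_approval": False,
        "bypass_pull_request_allowances": {
            "users": [{"login": "release-bot-example"}], "teams": [], "apps": []},
    },
    "enforce_admins": {"enabled": False},
    "allow_force_pushes": {"enabled": False},
}

if __name__ == "__main__":
    for name, rule in (("STRONG", STRONG), ("WEAK", WEAK), ("NONE", None)):
        print(name, sod_findings(rule))
```

The WEAK rule would pass a checkbox test ("reviews required: yes") while still leaving four unilateral paths, which is why the individual settings are worth sampling during control testing.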