During an IS audit of a data center, it was found that programmers are allowed to make emergency fixes to operational programs. Which of the following should be the IS auditor’s PRIMARY recommendation?
A. Bypass use ID procedures should be put in place to ensure that the changes are subject to after-the-event approval and testing
B. The ability to undertake emergency fixes should be restricted to selected key personnel
C. Programmers should be allowed to implement emergency fixes only after obtaining verbal agreement from the application owner
D. Emergency program changes should be subject to program migration and testing procedures before they are applied to operational systems
A. Bypass use ID procedures should be put in place to ensure that the changes are subject to after-the-event approval and testing
B. The ability to undertake emergency fixes should be restricted to selected key personnel
C. Programmers should be allowed to implement emergency fixes only after obtaining verbal agreement from the application owner
D. Emergency program changes should be subject to program migration and testing procedures before they are applied to operational systems