Where this question gets interesting is in the details. As a security practitioner, I'd want to have a much deeper
understanding of how the software you reference works. Comparing two files of the same format is a relatively straightforward proposition, However, comparing multiple formats becomes a much more challenging issue, which gets even more interesting when one of those formats is an image.
In order to compare the text from a .doc (or .docx) to a .tif, it's necessary to do some sort of optical character recognition (OCR) and then compare it to the text in the .doc(x) file. This is, to say the least, not the easiest thing to do. So before I'd sign off on this, I'd want a strong assurance from the vendor that the tool is actually capable of performing the necessary comparisons so that I would be comfortable telling a CEO or CFO they can rely on such a technology. Similarly, I know a lot of other auditors that would need the same level of confidence. So, to summarize: Ask your auditor.
For more information:
Dig deeper on Sarbanes-Oxley Act
Related Q&A from David Mortman, Contributor
While IT security consultancies can be helpful when trying to find flaws in an information security management framework, there are ways to do it ...continue reading
PCI DSS audits can be a lot easier if the scope is narrow. Learn how to consolidate and store sensitive data in order to best reduce PCI DSS security...continue reading
When hiring an information security team member, how important is a certification in information security? Learn how to talk to executives about ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.