Problem solve Get help with specific problems with your technologies, process and projects.

Using application quality control tools for auditing applications

For auditing applications, most enterprises will find application quality control and assurance tools helpful. In this expert response, Randall Gamby details what types of tools there are and how they can help.

Is there a third-party tool that can be used for the management of what we call "Fire Call" IDs? The way we use these IDs is to track application and database changes made by application support and database support teams. This recorded activity can be shown to IT auditors to demonstrate that we are tracking changes, using not only change management records, but also directory monitoring using a commercial product. However, our tool used for checking out and checking in these IDs is an in-house application that has some issues. I would also be interested in how/if other large Fortune 500 companies' departments manage IDs like this -- and what their official name is.

These are generally called "application compliance" or "application quality assurance" tools; I work for a Fortune 500 company and we use the term application quality assurance tools. In our case we have off-the-shelf tools that manage application changes through a "code checkout" process (developers must log when code is being edited or is in use, and then denote when the work is finished) that is followed by a scan of the application changes that have been "checked in" for security and quality compliance.

There are actually many off-the-shelf products that do this type of quality control. CA Inc., EMC Corp., IBM, Oracle Corp. and others have some form of application change control and/or monitoring software. But keep in mind, this software can come in two forms -- real-time or periodic audit discovery -- and you have to decide if your enterprise needs one or both functions. Real-time systems manage and control developer access and changes (similar to the off-the-shelf tools I described above), and then there are audit-discovery tools that periodically go out into the infrastructure, detect changes on applications and systems, and generate reports on any changes detected, usually in audit report format. The change-control tools are mature, but the audit-discovery tools are still fairly new, and their capabilities vary as to how well they can capture change information, especially in a complex, large and diversified environment like those found in many Fortune 500 companies.

For more information:

This was last published in January 2010

Dig Deeper on Privileged access management

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.