11-09-2022 06:00 AM
I keep all of my configurations in Git and manage any changes directly in the XML configuration file itself. That's not something most people are willing to do, however in your case I'd recommend that you configure a nightly export of the configuration and store that in a Git repository. You'll have your history and all associated changes tracked for you automatically when it comes time to an audit.
This method above has been what I've introduced at multiple organizations when audit needs dictate a paper trail of all of the changes. The nightly export in a git repo gives the auditor all of the configuration history they could possibly want, and since you can download past versions you can easily do a diff of the file to see what was modified.
Alternatively, you could track the actual Diff itself in whatever you're using for change management. I have a client that forces that in their Jira instance for any and all changes. Personally I find this to be incredibly annoying and a huge pain and would recommend Git whenever possible, but this works for them since they can just search for the last year's change tickets with a filter and provide every single diff for the change.
This makes the auditors job really easy, but I'd argue that it's annoyance to actually get things done isn't worth it. The auditor has also always wanted to see actual configuration files and not just diff statements since the comments in the Jira ticket aren't really proof that something wasn't modified outside of change control.
