Compliance


  • Seeking to prove the old saying "if the only tool you have is a hammer, every job looks like a nail", Congress sees every problem in society as something that needs more laws and more regulations. Corrupt and poorly run companies will still be the same, well run companies will still be the same, but everyone has to waste enormous amounts of time and money and suffer limited flexibility to satisfy DC bureaucrats.

    The best election outcome is a congress so divided that they can't actually 'do' anything.

    ...

    -- FORTRAN manual for Xerox Computers --

  • Whatever happened to ISO 9001?

    It seems to me that if that model were followed (and enhanced a bit) SOX would be easy. Oh, by the way, my firm just went private so SOX is no longer a concern. But for the last 3 years at my prior employer the environment had to adhere to HIPAA - which others tell me was much more stringent than SOX.

    Regards
    Rudy Komacsar
    Senior Database Administrator
    "Ave Caesar! - Morituri te salutamus."

  • rudy komacsar (10/1/2007)

    Whatever happened to ISO 9001?

    It seems to me that if that model were followed (and enhanced a bit) SOX would be easy. Oh, by the way, my firm just went private so SOX is no longer a concern. But for the last 3 years at my prior employer the environment had to adhere to HIPAA - which others tell me was much more stringent than SOX.

    HIPAA is very stringent but, as I understand it, is very limited to specific types of records and information. SOX can conceivably affect everything in a company, including casual types of communication and record keeping that were not regulated before. It affects users' storage and filing of their own working information as well as database and email issues. The nuances are so complex that I doubt that many, if any, companies actually comply with the letter of the law.

    ...

    -- FORTRAN manual for Xerox Computers --

  • I think the extensions of SOX are what has caused the problems. Most regulatory agencies specifically target certain types of data. SOX went after everything.

    Or at least the auditors did.

  • I haven't had the pleasure of dealing with SOX yet, but it sounds like it's afflicted with the same issues as HIPAA is - its lack of specificity leaves pretty much everything about it up to the whim of the "interpreter". In most cases - that leaves it up to the purview of the auditors/auditing firms in charge of performing said audit. It's the same with SOX - a few simple principles are outlined, but the rest of that is essentially spin.

    I had the "pleasure" of reading the actual HIPAA regs, looking for specifics, and... there ultimately are none in the law itself. It's more accurately described as a series of very undefined guidelines, most of which can be bypassed with the universal "it would have impeded the process of providing care". And that observation seems to apply to any aspect of those regs (not just the technical side) - there's VERY little in the way of concrete recommendations about anything.

    Please note that I'm not saying a lot of the changes that have been forced onto organizations because of SOX or HIPAA weren't positive changes. It's a great thing to have SSNs removed from as many things as you can, and I appreciate being told who will have access to my information. But just because they happen to make some sound sense from a process, technical or security side, and they come packaged with the title HIPAA IMPLEMENTATION GUIDELINES, doesn't mean that they ARE based on the HIPAA regs at all.

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

  • While it may be interesting to debate the relevance and value of regulatory requirements to the actual business, as database professionals we should consider the opportunity that this opens for us. I am involved with Basel II reporting in the banking sector and the need to produce accurate regulatory reports is a business necessity – there is no greater motivation to spending money on IT (database technology in particular) than the knowledge that if you don’t, the reserve bank will pull your licence (or at least hit you with a really expensive audit).

    Although SOX and other regulatory frameworks are painful to implement and there is a lack of business skills, if you are a database professional, vendor or some other IT supplier don’t ignore them – they come with an easy to understand, built-in business case.

  • I am actually dealing with my Q3 audit for SOX right now (we've only done one before this), and I have to say, it is one of the most painful experiences I have ever had as a DBA. Security scans are obviously a day-to-day task, but relaying that in terms business users can understand and sign off on for audit is quite the chore. I've spent more time in MS Excel in the past three months than I have in my entire career. And then there is the matter of change control. I am in total agreement that changes to schema, etc., do need to be tracked, but to have to jump through twelve different people for all the approvals needed for a column addition that needed to happen three days prior is just asinine. Between Borland's StarTeam (the new bane of my existence) and the fact that my main data intake environment is a sandbox (I drop and create tables constantly to stage and clean data), I am blue in the face with the documentation levels SOX requires for compliance. And to add insult to injury, my corporation is subject to both HIPAA and SOX. I'll get around to actually optimizing my database servers one of these days! :)

  • Seems like typical power-hungry America, messing the world up again, changing a perfectly good system in ISO 9001, and making the average person's job a lot harder because they can.

    Hope China and Russia one day get their acts together and finally get rid of America's power, as Europe is too weak to even think about it.

    I have noticed in the news, with Russia messing up Georgia, who are a friend of the USA: what did the USA say? "Oh, sorry, we can't get involved." This is from the most powerful country in the world. Or are they scared of Russia?
