Could this be the end of the Sarbannes-Oxley compliance that so many people go through? The US Supreme Court has agreed to hear a legal challenge to this law. It's a challenge based on the separation of powers between the board that oversees the US audit industry. I have no idea if this challenge has any chance of being overturned, but despite arguments from the Justice Department and the SEC, the Supreme Court agreed to hear the case.
When SOX was introduced I was working as a corporate DBA, and the interpretation of the law at that time meant we had to do a lot of documentation to comply. It sounded like a huge hassle for all the employees and management. We all expected this process to cost a lot of money, and reduce revenues a little. Not a lot since everyone would be expected to work more!
However as we started to work through the documentation, trying to figure out what controls to implement, we realized that the majority of our efforts to comply with ISO 9001 would apply here. And while we'd need to reformat our work for SOX, we could then take that reformatted work and use it to prove ISO compliance. At least that's what I was told since the ISO certification group was less fussy than the SOX auditors.
I know many people think SOX is a huge hassle, but I'd argue that it’s not that bad, as noted in this blog. The documentation from SOX requires a lot of practices that are good ideas anyway. If you are already following them, then proving it seems a waste of time. I'd say that it means you are double checking yourself, which is a good practice. If you're not following those types of practices, you should be. Even if you aren't in a public company bound by SOX, you might feel the effects if your partners force you to comply to they can ensure their own compliance.
As people that work with data, it seems DBAs are some of the more heavily affected IT people by this law. While I think this isn't necessarily a horrible law, I am curious to see if any DBAs out there see positive benefits to complying with SOX requirements.
Steve Jones
The Voice of the DBA Podcasts
The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.
You can also follow Steve Jones on Twitter:
or now on iTunes!
- Windows Media Podcast - 21.4MB WMV
- iPod Video Podcast - 21.8MB MP4
- MP3 Audio Podcast - 4.4MB
Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.