December 10, 2004 at 2:56 pm
To comply with SOX requirements we have established Maintenance accounts that are checked out (given a key/password). The account is good for a peroid of time before the password gets changed. I have the requirement to audit the activities of the accounts. What is the easiest way to do this? Profiler does'nt seem like an option because of the ongoing nature and amount of accounts to monitor. Do I need a log reader software and if so which one can track changes by account name?
December 10, 2004 at 4:48 pm
Sorry setting up a permanent trace on the server that outputs to file, Profiler or a tool like profiler will be required to capture all of those details as SELECTs are not logged nor are they otherwise auditable. I have seen serveral SOX requirements and am curious what your system is for that requires such a strenuoues auditing of action. As well you can audit all you like but it can only tell what they looked at, not neccessarily what they did with it. If your server's data is under SOX scrutiny then you need to make sure that application side is logging what is going on as well since you cannot actually see that.
December 14, 2004 at 7:33 pm
Since my post I have checked out Lumigent's ENTEGRA product it seems to be geared toward exactly these type of situations. I will be evaluating this product in the next week and should have more feedback. Our SOX auditors have told us to be in compliance we need the ability to track any changes made outside the normal interface of a product. There is nothing in SOX that I know of that requires the ability to track changes from within the application. I know what your thinking and yes is doesn't make sense but thats the world we live in after Enron! The application is a customer service record applications that tracks service and billable hours to customers. because of the financial data it tracks it falls under our SOX requirements. Our company feels we should be using the same change management processes for all databases so I have to implement these rules on everything I now administer. yes Ouch!
December 15, 2004 at 6:44 am
Remember to ask for a payraise and and nice corner window office.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply