Posts
1150
Comments
891
Trackbacks
1
A Sign that a Company may have misunderstood SOX Compliance Requirements

The dictate comes down that no code developer of any sort will be allowed sa access to the SQL Server.

In the dev environment.

<cue stunned silence>

posted on Thursday, August 21, 2008 6:15 PM Print
Comments
Gravatar
# re: A Sign that a Company may have misunderstood SOX Compliance Requirements
Michael Hall
8/27/2008 6:41 AM
Yet a DBA can be authorized to work on core functionality in the .NET codebase. But that's a different issue.

I typically disable the SA account even in the development environment. It's like disallowing /Console logins via MSTSC. You should have to login with your credentials so that if something goes boom there's some kind of audit trail that can be tracked.

Or are you saying that no developers can be assigned to the System Administrator role?
Gravatar
# re: A Sign that a Company may have misunderstood SOX Compliance Requirements
jdn
8/27/2008 9:02 AM
The latter. Can't be assigned to the System Administrator role.

Agree about loging in with credentials, though, good point to make.
Gravatar
# re: A Sign that a Company may have misunderstood SOX Compliance Requirements
Russell Ball
9/8/2008 4:12 PM
I worked at a Federal Home Loan Bank that had 2 separate group of in-house auditors (one IT and one bank-wide) along with the usual 2-3 external audits per year. The auditors were over zealous and under educated when it came to development best practices. We had to constantly fight them on their interpretations of SoX compliance, which is apparently generic enough to have a wide variety of interpretations. I got so sick of it after a while that I left. SoX brought an already slow process to its needs and it was only going to get worse. I'm glad I'm not dealing with it anymore.

Post Comment

Title *
Name *
Email
Url
Comment *  
Please add 8 and 3 and type the answer here: