A Sign that a Company may have misunderstood SOX Compliance Requirements

The dictate comes down that no code developer of any sort will be allowed sa access to the SQL Server.

In the dev environment.

posted on Thursday, August 21, 2008 6:15 PM

Comments

# re: A Sign that a Company may have misunderstood SOX Compliance Requirements
: Michael Hall
: 8/27/2008 6:41 AM

: Yet a DBA can be authorized to work on core functionality in the .NET codebase. But that's a different issue.

I typically disable the SA account even in the development environment. It's like disallowing /Console logins via MSTSC. You should have to login with your credentials so that if something goes boom there's some kind of audit trail that can be tracked.

Or are you saying that no developers can be assigned to the System Administrator role?

# re: A Sign that a Company may have misunderstood SOX Compliance Requirements
: jdn
: 8/27/2008 9:02 AM

: The latter. Can't be assigned to the System Administrator role.

Agree about loging in with credentials, though, good point to make.

# re: A Sign that a Company may have misunderstood SOX Compliance Requirements
: Russell Ball
: 9/8/2008 4:12 PM

: I worked at a Federal Home Loan Bank that had 2 separate group of in-house auditors (one IT and one bank-wide) along with the usual 2-3 external audits per year. The auditors were over zealous and under educated when it came to development best practices. We had to constantly fight them on their interpretations of SoX compliance, which is apparently generic enough to have a wide variety of interpretations. I got so sick of it after a while that I left. SoX brought an already slow process to its needs and it was only going to get worse. I'm glad I'm not dealing with it anymore.

Please add 8 and 3 and type the answer here:

Enter the code shown above:

Archives

Post Categories

Stuff

BlogCoward