Home » RDBMS Server » Security » SOX compliance (Oracle 11gR2 on RHEL 4)
SOX compliance [message #540688] Wed, 25 January 2012 06:26 Go to next message
himabija
Messages: 33
Registered: December 2011
Location: San Francisco
Member
For last few days I was just investing my times to understand SOX compliance for oracle database. But then I realized that SOX Compliance is a Bill to secure IT environments from possible security threats and it does not provide any guideline to implement it . So there is no specific implementation guideline for oracle database and we have to implement it according to business need (as Oracle database intrinsically is not justSOX compliant ).

So I was looking for some documents (or interpretation of SOX compliance for oracle database)what DBA's needs to do to make his database SOX compliant but unfortunately I'm not very happy with the documents I got over Internet (I'm providing the best link i have received over internet ) .Can you provide some better resource for this topic?

Is there any tool/script available to check whether database is sox compliant or not?(Just to ensure DBA has not skipped any areas .)

[Updated on: Wed, 25 January 2012 06:29]

Report message to a moderator

Re: SOX compliance [message #540692 is a reply to message #540688] Wed, 25 January 2012 06:45 Go to previous messageGo to next message
Michel Cadot
Messages: 59991
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
as Oracle database intrinsically is not justSOX compliant

This is irrelevant, it is just like to say intrinsically files are not SOX compliant, intrinsically Unix/Linux are not SOX compliant...

The question is: does Oracle provides the tools/features to implement a database application compliant to SOX. The answer is yes.

Regards
Michel
Re: SOX compliance [message #540705 is a reply to message #540692] Wed, 25 January 2012 07:24 Go to previous messageGo to next message
himabija
Messages: 33
Registered: December 2011
Location: San Francisco
Member
I understand your point. But my question remain unanswered .I'm briefing my question again.

1. interpretation of SOX compliance for oracle database?
2. Is there any tool/script available to check whether database is sox compliant or not?
Re: SOX compliance [message #540721 is a reply to message #540705] Wed, 25 January 2012 07:57 Go to previous messageGo to next message
Michel Cadot
Messages: 59991
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
But SOX compliance is not a matter of database but application, whole application, and how the application uses the database and how all this is organized. It is meaningless to ask for database alone, so generic script is irrelevant.

Regards
Michel

[Updated on: Wed, 25 January 2012 08:02]

Report message to a moderator

Re: SOX compliance [message #540723 is a reply to message #540705] Wed, 25 January 2012 08:01 Go to previous messageGo to next message
John Watson
Messages: 4859
Registered: January 2010
Location: Global Village
Senior Member
Hi - I thought that SOX was a set of rules for financial controls and reporting, therefore all done by the application - nothing to do with the database? I don't think it is like, for example, the PCI rules regarding encryption, which you as DBA may have to implement.
Re: SOX compliance [message #540727 is a reply to message #540723] Wed, 25 January 2012 08:08 Go to previous messageGo to next message
Michel Cadot
Messages: 59991
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
A SOX compliant toolkit can be found at: http://www.soxtoolkit.com/

Regards
Michel

Re: SOX compliance [message #540766 is a reply to message #540727] Wed, 25 January 2012 11:36 Go to previous message
himabija
Messages: 33
Registered: December 2011
Location: San Francisco
Member
Quote:
the PCI rules regarding encryption


@John: You are absolutely right.Actually I have seen one of the post in this forum regarding PCI rules and came into conclusion that SOX compliance should have some instruction for database like PCI.

@Michel : I would have tried the toolkit today and give you all my feedback but unfortunately it comes with $199 . Laughing

Anyway thanks John and Michel for your input.

[Updated on: Wed, 25 January 2012 11:39]

Report message to a moderator

Previous Topic: Can only log onto db via server.
Next Topic: obssocookie is getting set as TEST
Goto Forum:
  


Current Time: Fri Dec 19 07:44:16 CST 2014

Total time taken to generate the page: 0.08349 seconds