From where I stand, it's exactly like Ryan described:
we got SOx-audited last year and again this year and in both
occasions access to production by developers came up as an
absolute no-no and something we simply cannot allow.
Which I tend to agree with, BTW. ;-)
--
Cheers
Nuno Souto
from sunny Sydney
Quoting David Aldridge <david_at_david-aldridge.com>:
> Tsh, is there any lie that those operations people won't tell in order
> to keep us out of their sandbox?
>
> Seriously though, I don't think that SOX is that detailed, and I don't
> believe any STIG is either. It sounds like that rule is more along the
> lines of an _interpretation_ of the regulations, or a quoting of the
> regulations to justify a rule (depending on your degree of cynicism).
>
> ryan_gaffuri_at_comcast.net wrote:
> >
> > I did DOD befoer this. I am doing financial now. The federal government
> > actually passed security laws for financial companies as part of
> > Sarbanes-Oxley(SOX). I was told by operations that one of the rules is
> > that development cannot have access to production data. That is a
> > problem for production support when you get data issues.
--
http://www.freelists.org/webpage/oracle-l
Received on Wed Aug 16 2006 - 02:06:34 CDT
