RE: SOX Reporting Requirement

From: Iggy Fernandez <iggy_fernandez_at_hotmail.com>
Date: Thu, 28 Aug 2014 17:45:38 -0700
Message-ID: <BLU179-W6561FF73CF351062A1EE22EBDB0_at_phx.gbl>

LogMiner is the poor man's solution.
Poor Man's Auditing with Oracle LogMiner by Caleb Smallhttp://www.nocoug.org/download/2008-05/LogMiner4.pdfhttp://www.nocoug.org/download/2008-05/lmtest1a.sqlhttp://www.nocoug.org/download/2008-05/lmtest1b.sql

Date: Thu, 28 Aug 2014 13:17:50 -0500
Subject: Re: SOX Reporting Requirement
From: david.barbour1_at_gmail.com
To: frits.hoogland_at_gmail.com
CC: oracle-l_at_freelists.org

Well we do have an imaginative buch in our compliance department.

With respect to the Total Recall, it looks like it would work, but it requires the Advanced Compression Option which we do not currently have licensed. So either I revert to Plan A or inquire if their imagination includes a budget.

On Thu, Aug 28, 2014 at 12:40 PM, Frits Hoogland <frits.hoogland_at_gmail.com> wrote: If you actually look at what is in SOX itself, you might be surprised. There is no implementation description.

In my experience the audit requirements which the auditor requests are most of the time based on the imagination of the auditor.

Hint: you might want to ask where the requested implementation is specifically detailed black on white.

Frits Hoogland

http://fritshoogland.wordpress.com
frits.hoogland_at_gmail.com
Office : +31 20 5939953
Mobile: +31 6 14180860

(Sent from my iPhone, typo's are expected)


> Op 28 aug. 2014 om 17:05 heeft David Barbour <david.barbour1_at_gmail.com> het volgende geschreven:

>

> Morning,

>

> I was wondering how others might be handling the SOX reporting/auditing issue we've been assigned.

>

> The audit folks want to know when DML occurs on a particular table and the original and new value(s).  I've implemented FGA on the table and can capture the change.  Using the transaction ID, I can then go back to the flashback_transaction_query and get the original values.  Of course, the only guarantee of being able to pull the undo sql containing the original values is that the query is performed before the undo retention expires.  Pre-supposing I have a job that queries dba_fga_audit_trail and grabs the undo in time, what might happen next?  I was thinking of storing the values in a table created specifically for this purpose.  Then I'd probably create a view to generate the report.

>
> I'd appreciate any other ideas or refinements. This is a pretty busy database and I've got to be careful bumping undo retention too high. I'm undoubtedly missing something .............

--
http://www.freelists.org/webpage/oracle-l

Received on Fri Aug 29 2014 - 02:45:38 CEST

This message: [ Message body ]
Next message: Iggy Fernandez: "RE: SOX Reporting Requirement"
Previous message: Stefan Knecht: "Re: SOX Reporting Requirement"
Maybe in reply to: David Barbour: "SOX Reporting Requirement"
Next in thread: Iggy Fernandez: "RE: SOX Reporting Requirement"
Reply: Iggy Fernandez: "RE: SOX Reporting Requirement"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message