Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: I found the light

Re: I found the light

From: DA Morgan <>
Date: Sat, 24 Sep 2005 11:13:40 -0700
Message-ID: <1127585557.768169@yasure>

Paul wrote:
> DA Morgan <> wrote:

>>What rock have you been hiding under. We have all been waiting
>>for some brilliant person to guide us to a piece of garbage
>>with limited capabilities so we could all save money and be in
>>violation of Sarbanes-Oxley, HIPAA, FACTA, and other legal and
>>organizational security, stability, and scalability requirements.

> I'm a wee bit confused by this bit about conforming to Sarbanes-Oxley,

So are most of us that have to comply with them. ;-)

> Surely there are a myriad organisations out there that have to have
> good accountancy practices, and/or protect medical data and/or process
> credit cards, correct?


> Not all of these organisations use Oracle - they might use Sybase, MS
> SQL Server or IBM DB2 or Informix - i.e. not Oracle.

They might. And they might have no problem being compliant with these laws if they use the correct versions of the correct products.

> What I would like to know is what is it, particularly, about Oracle
> that makes it compliant with these rules and regulations? I'm sure
> that an Oracle server has as much potential to be sloppily
> administered as a PostgreSQL one.

The ability to audit all inserts, updates, and deletes no matter who does them, no matter the interface, no matter the authority, even if done by expert DBAs and operating system administrators. That capability does not exist in ANY open source RDBMS of which I am aware.

> Are you basically saying that Oracle makes compliance *_easier_* than
> other solutions, but is far from the only solution - basically any db
> properly administered could do the job?
> Paul...

Easier ... I'd say yes. There is no question someone can make anything compliant if they start writing Assembly code: Possibly even C. The secret is to have the capability built into the database at the kernel level and to have it in such a way that the auditors will sign off on it.

Compliance with the law is only as good as the willingness of an Accenture, Price-Waterhouse, or KPMG to put ink on paper on a financial statement. If they won't do it you might as well start cleaning out your desk if in the US and a public company or in Japan and engaged in banking (for example).

Daniel A. Morgan
(replace x with u to respond)
Received on Sat Sep 24 2005 - 13:13:40 CDT

Original text of this message