Re: Minimizing downtime for 9i to 10g upgrade

From: DA Morgan <damorgan_at_psoug.org>
Date: Fri, 12 Sep 2008 18:52:45 -0700
Message-ID: <1221270766.116589@bubbleator.drizzle.com>


Fernando Nunes wrote:
> Michael Austin wrote:
>
>> And if your data contains SOX or PCI (credit-card) information, you 
>> are probably in violation of their security update rules and when next 
>> audited, you will be fined very heavily for not being in compliance. 
>> They require security patches (OS, Application, Network and Database) 
>> to be applied within 30-60 days after it is released.
>
> Don't take me wrong, this is an honest question.
> Do you have any resource publicly available where I can check your
> statement?

Sarbanes-Oxley is federal law in the US. You can find a complete copy by visiting the US Securities and Exchange Commission website.

PCI is Payment Card Industry compliance regulations enforced by American Express, Visa, Mastercard, etc., and you should be able to find it on the web, but your CFO had to have signed an agreement containing it when you agreed to accept credit cards.

But it is far worse than just these two.

Do medical in the US and you are subject to HIPAA.

Handle brokerage records and you are subject to additional compliance regulations from the SEC.

Collect any information related to consumer credit reports and you are subject to the US Federal Trade Commission's FACTA regs.

Also need to make sure you comply with the US law known as Gramm-Leach-Bliley (GLB) administered by the FTC.

Do business in Oregon state and you'd best have your eye on the law known as Senate Bill 579. And just about every other regulatory authority in the US, Canada, Europe, and Asia has regulatory requirements too, so one must be knowledgeable about many rules and regs such as: FDA CFR 21 Part 11, OMB Circular A-123, USA Patriot Act, J-SOX, CLERP 9, Basel II, ...

Thus what most do is comply with what is called the COSO Cube. You can find it with Google.

-- 
Daniel A. Morgan
Oracle Ace Director & Instructor
University of Washington
damorgan_at_x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org
Received on Fri Sep 12 2008 - 20:52:45 CDT
