Re: Minimizing downtime for 9i to 10g upgrade

From: Fernando Nunes <>
Date: Sat, 13 Sep 2008 12:30:51 +0100
Message-ID: <gag821$28n$>

DA Morgan wrote:
> Fernando Nunes wrote:

>> Michael Austin wrote:
>>> And if your data contains SOX or PCI (credit-card) information, you 
>>> are probably in violation of their security update rules and when 
>>> next audited, you will be fined very heavily for not being in 
>>> compliance. They require security patches (OS, Application, Network 
>>> and Database) to be applied within 30-60 days after it is released.
>> Don't take me wrong, this is an honest question.
>> Do you have any resource publicly available where I can check your 
>> statement?

> Sarbanes-Oxley is federal law in the US. You can find a complete copy
> by visiting the US Securities and Exchange Commission website.
> PCI is Payment Card Industry compliance regulations enforced by American
> Express, Visa, Mastercard, etc. and you should be able to find it on the
> web but your CFO had to have signed an agreement containing it when you
> agreed to accept credit cards.
> But it is far worse than just these two.
> Do medical in the US and you are subject to HIPAA
> Handle brokerage records and you are subject to additional compliance
> regulations from the SEC.
> Collect any information related to consumer credit reports and you
> are subject to the US Federal Trade Commissions FACTA regs.
> Also need to make sure you comply with the US law known as
> Gramm-Leach-Bliley (GLB) administered by the FTC.
> Do business in Oregon state and you'd best have your eye on the law
> known as Senate Bill 579. And just about every other regulatory
> authority in the US, Canada, Europe, and Asia has regulatory
> requirements too so one must be knowledgeable about many rules and
> regs such as: FDA CFR 21 Part 11, OMB Circular A-123, USA Patriot Act,
> J-SOX, CLERP 9, Basel II, ....
> Thus what most do is comply with what is called the COSO Cube. You
> can find it with google.

Thank you, but for example SOX doesn't mention what was stated. And IIRC PCI (which is also publicly available) also doesn't... I may be wrong...

Thanks anyway.
Regards. Received on Sat Sep 13 2008 - 06:30:51 CDT

Original text of this message