Home » RDBMS Server » Security » SOX compliance (Oracle 11gR2 on RHEL 4)
SOX compliance [message #540688] Wed, 25 January 2012 06:26 Go to next message
himabija
Messages: 33
Registered: December 2011
Location: San Francisco
Member
For last few days I was just investing my times to understand SOX compliance for oracle database. But then I realized that SOX Compliance is a Bill to secure IT environments from possible security threats and it does not provide any guideline to implement it . So there is no specific implementation guideline for oracle database and we have to implement it according to business need (as Oracle database intrinsically is not justSOX compliant ).

So I was looking for some documents (or interpretation of SOX compliance for oracle database)what DBA's needs to do to make his database SOX compliant but unfortunately I'm not very happy with the documents I got over Internet (I'm providing the best link i have received over internet ) .Can you provide some better resource for this topic?

Is there any tool/script available to check whether database is sox compliant or not?(Just to ensure DBA has not skipped any areas .)

[Updated on: Wed, 25 January 2012 06:29]

Report message to a moderator

Re: SOX compliance [message #540692 is a reply to message #540688] Wed, 25 January 2012 06:45 Go to previous messageGo to next message
Michel Cadot
Messages: 68624
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
as Oracle database intrinsically is not justSOX compliant

This is irrelevant, it is just like to say intrinsically files are not SOX compliant, intrinsically Unix/Linux are not SOX compliant...

The question is: does Oracle provides the tools/features to implement a database application compliant to SOX. The answer is yes.

Regards
Michel
Re: SOX compliance [message #540705 is a reply to message #540692] Wed, 25 January 2012 07:24 Go to previous messageGo to next message
himabija
Messages: 33
Registered: December 2011
Location: San Francisco
Member
I understand your point. But my question remain unanswered .I'm briefing my question again.

1. interpretation of SOX compliance for oracle database?
2. Is there any tool/script available to check whether database is sox compliant or not?
Re: SOX compliance [message #540721 is a reply to message #540705] Wed, 25 January 2012 07:57 Go to previous messageGo to next message
Michel Cadot
Messages: 68624
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
But SOX compliance is not a matter of database but application, whole application, and how the application uses the database and how all this is organized. It is meaningless to ask for database alone, so generic script is irrelevant.

Regards
Michel

[Updated on: Wed, 25 January 2012 08:02]

Report message to a moderator

Re: SOX compliance [message #540723 is a reply to message #540705] Wed, 25 January 2012 08:01 Go to previous messageGo to next message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
Hi - I thought that SOX was a set of rules for financial controls and reporting, therefore all done by the application - nothing to do with the database? I don't think it is like, for example, the PCI rules regarding encryption, which you as DBA may have to implement.
Re: SOX compliance [message #540727 is a reply to message #540723] Wed, 25 January 2012 08:08 Go to previous messageGo to next message
Michel Cadot
Messages: 68624
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
A SOX compliant toolkit can be found at: http://www.soxtoolkit.com/

Regards
Michel

Re: SOX compliance [message #540766 is a reply to message #540727] Wed, 25 January 2012 11:36 Go to previous messageGo to next message
himabija
Messages: 33
Registered: December 2011
Location: San Francisco
Member
Quote:
the PCI rules regarding encryption


@John: You are absolutely right.Actually I have seen one of the post in this forum regarding PCI rules and came into conclusion that SOX compliance should have some instruction for database like PCI.

@Michel : I would have tried the toolkit today and give you all my feedback but unfortunately it comes with $199 . Laughing

Anyway thanks John and Michel for your input.

[Updated on: Wed, 25 January 2012 11:39]

Report message to a moderator

Re: SOX compliance [message #650036 is a reply to message #540688] Wed, 13 April 2016 01:57 Go to previous messageGo to next message
sameen
Messages: 1
Registered: April 2016
Location: kolkata
Junior Member
@himabija.. Do you get your ans that how to know that is your db is sox compliance or not?
if yes then ple tell me.
Pls also tell me that how to remove sox compliance from our DB?
Re: SOX compliance [message #650045 is a reply to message #650036] Wed, 13 April 2016 06:43 Go to previous message
EdStevens
Messages: 1376
Registered: September 2013
Senior Member
sameen wrote on Wed, 13 April 2016 01:57
@himabija.. Do you get your ans that how to know that is your db is sox compliance or not?
if yes then ple tell me.
Pls also tell me that how to remove sox compliance from our DB?



Did you not read all of the responses in this 4-year old thread you just revived?
SOX compliance is a business issue, to be addressed in the application. It is not a database issue. There is nothing to "remove" from the database.
Previous Topic: ORA-01017: invalid username/password; logon denied
Next Topic: When Role Was Granted?
Goto Forum:
  


Current Time: Thu Mar 28 07:37:01 CDT 2024