OraFAQ Forum: Security » SOX compliance

Home » RDBMS Server » Security » SOX compliance (Oracle 11gR2 on RHEL 4)

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

SOX compliance [message #540688]

Wed, 25 January 2012 06:26

himabija
Messages: 33
Registered: December 2011
Location: San Francisco

Member

For last few days I was just investing my times to understand SOX compliance for oracle database. But then I realized that SOX Compliance is a Bill to secure IT environments from possible security threats and it does not provide any guideline to implement it . So there is no specific implementation guideline for oracle database and we have to implement it according to business need (as Oracle database intrinsically is not justSOX compliant ).

So I was looking for some documents (or interpretation of SOX compliance for oracle database)what DBA's needs to do to make his database SOX compliant but unfortunately I'm not very happy with the documents I got over Internet (I'm providing the best link i have received over internet ) .Can you provide some better resource for this topic?

Is there any tool/script available to check whether database is sox compliant or not?(Just to ensure DBA has not skipped any areas .)

[Updated on: Wed, 25 January 2012 06:29]

Report message to a moderator

Re: SOX compliance [message #540692 is a reply to message #540688]

Wed, 25 January 2012 06:45

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Quote:

as Oracle database intrinsically is not justSOX compliant

This is irrelevant, it is just like to say intrinsically files are not SOX compliant, intrinsically Unix/Linux are not SOX compliant...

The question is: does Oracle provides the tools/features to implement a database application compliant to SOX. The answer is yes.

Regards
Michel

Report message to a moderator

Re: SOX compliance [message #540705 is a reply to message #540692]

Wed, 25 January 2012 07:24

himabija
Messages: 33
Registered: December 2011
Location: San Francisco

Member

I understand your point. But my question remain unanswered .I'm briefing my question again.

1. interpretation of SOX compliance for oracle database?
2. Is there any tool/script available to check whether database is sox compliant or not?

Report message to a moderator

Re: SOX compliance [message #540721 is a reply to message #540705]

Wed, 25 January 2012 07:57

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

But SOX compliance is not a matter of database but application, whole application, and how the application uses the database and how all this is organized. It is meaningless to ask for database alone, so generic script is irrelevant.

Regards
Michel

[Updated on: Wed, 25 January 2012 08:02]

Report message to a moderator

Re: SOX compliance [message #540723 is a reply to message #540705]

Wed, 25 January 2012 08:01

John Watson
Messages: 8976
Registered: January 2010
Location: Global Village

Senior Member

Hi - I thought that SOX was a set of rules for financial controls and reporting, therefore all done by the application - nothing to do with the database? I don't think it is like, for example, the PCI rules regarding encryption, which you as DBA may have to implement.

Report message to a moderator

Re: SOX compliance [message #540727 is a reply to message #540723]

Wed, 25 January 2012 08:08

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

A SOX compliant toolkit can be found at: http://www.soxtoolkit.com/

Regards
Michel

Report message to a moderator

Re: SOX compliance [message #540766 is a reply to message #540727]

Wed, 25 January 2012 11:36

himabija
Messages: 33
Registered: December 2011
Location: San Francisco

Member

Quote:

the PCI rules regarding encryption

@John: You are absolutely right.Actually I have seen one of the post in this forum regarding PCI rules and came into conclusion that SOX compliance should have some instruction for database like PCI.

@Michel : I would have tried the toolkit today and give you all my feedback but unfortunately it comes with $199 . Laughing

Anyway thanks John and Michel for your input.

[Updated on: Wed, 25 January 2012 11:39]

Report message to a moderator

Re: SOX compliance [message #650036 is a reply to message #540688]

Wed, 13 April 2016 01:57

sameen
Messages: 1
Registered: April 2016
Location: kolkata

Junior Member

@himabija.. Do you get your ans that how to know that is your db is sox compliance or not?
if yes then ple tell me.
Pls also tell me that how to remove sox compliance from our DB?

Report message to a moderator

Re: SOX compliance [message #650045 is a reply to message #650036]

Wed, 13 April 2016 06:43

EdStevens
Messages: 1376
Registered: September 2013

Senior Member

sameen wrote on Wed, 13 April 2016 01:57

@himabija.. Do you get your ans that how to know that is your db is sox compliance or not?
if yes then ple tell me.
Pls also tell me that how to remove sox compliance from our DB?

Did you not read all of the responses in this 4-year old thread you just revived?
SOX compliance is a business issue, to be addressed in the application. It is not a database issue. There is nothing to "remove" from the database.

Report message to a moderator

Previous Topic:	ORA-01017: invalid username/password; logon denied
Next Topic:	When Role Was Granted?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sun May 04 05:47:05 CDT 2025