Acing an Audit
Steve Jones - SSC Editor
Posted Monday, January 28, 2013 9:23 PM
Comments posted to this topic are about the item Acing an Audit
Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
Post #1412742
Dizzy Desi
Posted Tuesday, January 29, 2013 6:59 AM
I totally agree that companies should have processes in place that keep them audit-worthy (not to mention more secure in general) at all times. My group is partly there - in SQL Server, we are pretty much always audit ready. I haven't been able to understand why our Oracle environments aren't. It's utter chaos for weeks leading up to an audit every single time.
And how reliable are those audit results, anyway? The audits should be looking at day-to-day processes, not giving people a heads-up weeks or months in advance to get themselves up to standard when they're lagging behind the rest of the year.
Post #1413025
Miles Neale
Posted Tuesday, January 29, 2013 9:30 AM
Nice piece, and valuable information about a process that builds the right processes.
M.
Not all gray hairs are Dinosaurs!
Post #1413140
sturner
Posted Tuesday, January 29, 2013 10:23 AM
I would estimate that at least 20% of processes we have running and the resulting data generated are there exclusively to satisfy PCI and ISO audits.
The probability of survival is inversely proportional to the angle of arrival.
Post #1413180
nopeqwerty
Posted Sunday, February 03, 2013 3:27 AM
In my experience, the priority placed on financial and accounting audit functionality beyond what is required is driven by the industry they are in... i.e., insurance, banking, etc.
I question your thought about companies swaying their focus from what they excel at to focusing too much on homegrown systems. As any system integrator has experienced, more often than not scalability and integrations can become problematic. Usually can't get away from some level of modifications though, and in my experience the large enterprises have a mixture (for better or worse, it keeps us employed).
Thanks!
Post #1415003
Jeff Moden
Posted Sunday, February 03, 2013 10:45 AM
I agree with what I believe the premise of the article to be. If you have to actually spend any significant time preparing for an audit beyond setting up a couple of computers for the auditors to use, then you're doing something fundamentally wrong to begin with. Most things having to do with audits just aren't rocket science and, as Steve said in the article, are things that folks should be doing anyway.
By the way, my favorite "spec" for doing things the right way is "MIL-TP-41". It's the basis of all other specs whether they be ISO, ANSI, SEC, PCI, SOX, or whatever and is applicable to all industries. It means "Make It Like The Print For Once".
It doesn't suppress the ability to think outside the box or innovate or to react quickly to an emergency because "The Print" should have plans even for that.
--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."
For better, quicker answers on T-SQL questions, click on the following...
http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/
Post #1415034
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.