May 8, 2013 at 7:54 pm
Need assistance on the following :
a) What are the common SQL database events/activities that should be audited?
b) How long should the audit logs be kept?
Would appreciate any thoughts on the matters.
May 9, 2013 at 3:57 am
I don't think there's a standard answer for either question. Auditing requirements are either a business or legal requirement. If the business you're working with doesn't need auditing, there's no need to turn it on at all. Otherwise, you need to consult with the business side to understand their expectations. Publicly traded companies have to comply with some part of Sarbannes-Oxley for some of their data. While US health-care companies have to comply with HIPA for parts of their data. You may even be in a publicly traded health-care company where you have to comply with both. I'd go straight to the business and ask this question.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply