Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

Acing an Audit

By Steve Jones,

I've been through relatively few audits in my database career. I've worked in a few industries that didn't require them, and avoided the stringent requirements of PCI and HIPAAISO 9000 was the first audit I encountered and I had been preparing for Sarbanes-Oxley (recently passed) when I left that company to come work for SQLServerCentral.

The preparation for an audit required a lot of work, meetings, and organization. The first time I suffered through an ISO audit, I was amazed at how much of our daily work was interrupted and the time spent ensuring we would pass the audit. The second time wasn't much better, though I'd instituted some processes and controls for the DBA group that did reduce the amount of preparation needed for our portion of the audit.

I wish that more companies I'd worked for had actually built the controls, security, and documentation into their processes. Maybe then they'd only need a 30 minute window to prepare for the audit. That's what an insurance company needed to do recently according to this piece. I found many of the rules and regulations required in the ISO and SOX documents to be ones I'd want to implement for my database systems. The hard part was getting management to agree and implement the rules as part of our daily work.

I did find it interesting that the company had built their own software to match their processes and allow employees to work efficiently. Lots of companies have struggled with the idea of becoming their own software company, but if software is truly going to be an important part of most businesses, perhaps it's a good investment for most of them.

Steve Jones


The Voice of the DBA Podcasts

We publish three versions of the podcast each day for you to enjoy.

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there. Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

You can also follow Steve Jones on Twitter:

Total article views: 148 | Views in the last 30 days: 1
 
Related Articles
ARTICLE

Auditing

For this Friday poll, Steve Jones asks about your auditing requirements.

BLOG

Podcasting

A new video setup is on the way!!!! Actually I'll do a couple podcasts on podcasting over the hol...

ARTICLE

Podcast Announcements

Podcast Feeds

FORUM

Podcast Problem

Podcast Problem Blocked by group policy

BLOG

Podcasting

I'm working on getting a small studio set up for some podcasting of the editorials. That means I put...

Tags
auditing    
editorial    
 
Contribute

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones
Editor, SQLServerCentral.com

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones