• Thanks to both of you for your response.  Let me ask you both this and if anyone else owuld like to chime in then please do so.

     

    If I have a database on an instance of SQL Server that cintains fiancial data used to prepare financial reports and I leave that instance of SQL Server setup in a way that allows for non-authorized users to access the DB via the sa login then would that indicate that I am in violation of SOX?  I know that this scenario is justs bad, very bad for other reasons.  What I'm focused in on is whether or not this type of setup could be a SOX compliance problem.

     

    Thanks

    Kindest Regards,

    Just say No to Facebook!