You are part of a publically traded company right? Or a wholly-owned subsidiary of one? Otherwise SOX is an optional.. Some companies have chosen to act like they are required to operate in SOX compliance as a way to have better control. I'm just wondering if yours is one of those..

You can often get seperation of duties by being the requestor of the change and the verifier, but not the implementor. What that means is that you don't actually do the deployment, you can help someone else but the have to be the ones doing it.

Also what is your change control process for putting things into production, if you are subject to SOX you should have a written policy that is audited. You chould have someone internally who is intimate with this process.

CEWII