December 7, 2009 at 11:04 am
Hi all,
I work for an org which provides managed services to customers, which includes providing Database Hosting service. It is mandatory for us to go through a SAS 70 Type II audit as part of SOX compliance. I have made the necessary security recommendations and we have implemented those which were agreeable to the customer. This is the first time I'm facing an audit; mostly I was a backend guy buried deep in database servers. Can anyone advise what type of questions will be posed by an auditor to a DBA?
December 7, 2009 at 11:14 am
Can't tell you what type of questions that you may be asked, but I can provide some advice.
Answer the question and nothing but the question.
Have documentation available to back up your answer.
DO NOT, under any circumstances, offer more information than asked.
December 7, 2009 at 12:02 pm
You may be asked any question that is in line with SOX compliance. You have made the security changes based on SOX guidelines, you can bet you will be asked many questions about that. Any bullet items in the Guidelines that pertain to the Database, expect to answer a question on it.
If you have all of that information already documented, then the audit should be pretty straightforward and take little of your time (comparatively).
Lastly, follow Lynn's recommendations. Don't offer up too much info, answer concisely and on topic.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw
Learn Extended Events
December 8, 2009 at 3:13 am
Thanks guys. Will let you know the results once the audit completes.