Article: Sarbanes-Oxley Standards for DBAs in plain English 1902



  • Sharing this good article as an FYI …
    Sarbanes-Oxley Standards for DBAs in plain English
    Please paste this into your browser and add www
    dbazine.com/ofinterest/oi-articles/mcquade2
    So, after the agony of an audit, here are the SOX requirements for Database Change Management in plain English:
    Changes to the database are widely communicated, and their impacts are known beforehand.
    Installation and maintenance procedure documentation for the DBMS is current.
    Data structures are defined and built as the designer intended them to be.
    Data structure changes are thoroughly tested.
    Users are apprised, and trained if necessary, when database changes imply a change in application behavior.
    The table and column business definitions are current and widely known.
    The right people are involved throughout the application development and operational cycles.
    Any in-house tools are maintained and configured in a disciplined way.
    Application impacts are known prior to the migration of database changes to production.
    Performance is maintained at predefined and acceptable levels.
    The database change request and evaluation system is rational.
    Turn-around time on database changes is predictable.
    Any change to the database can be reversed.
    Database structure documentation is maintained.
    Database system software documentation is maintained.
    Migration through development, test, and especially, production environments is rational.
    Security controls for data access are appropriate and maintained.
    Database reorganizations are planned to minimize business disruption.



  • Nice article, Harry, though it seems it talks mostly around change management only.
    Also, this point:
    Performance is maintained at predefined and acceptable levels.
    Does it mean the same as: Any possible difference in performance during the change is documented in the RFC?
    Calvin



  • also this point … Performance is maintained at predefined and acceptable levels. Does it mean the same as: Any possible difference in performance during the change is documented in the RFC
    I agree with Calvin that any change in performance needs to be documented and communicated. Hopefully, in most cases the system change will not cause degradation that might impact normal and peak load transaction response times. Still, adding the overhead of new search indexes, views, history, or even new fields can sometimes impact DB performance (and associated online transactions).

