Wednesday, March 21, 2012

Failed SAS70 Audit

Our company recently got a bad mark on our SAS70 audit because I act as both DBA and developer.

Audit firm went so far as to say DBA shouldn't have access to production data! Anybody else experience this?

Is there a way to log ALL sa transactions for review and audit? If so, that may satisfy them.

Thanks!

Scott

So nobody has experienced a SAS70 auditor claiming a developer cannot act as DBA? Or that the DBA cannot have rights to the production data?

I know that there are 3rd party products for auditing. We often allow application developers and database analysts (stored proc/ETL writers) access to production data. We have gone through two SAS70 audits without issues related to this.

Generally speaking, these people are not assigned to the sysadmin role of the server.

Michelle
