
Oracle and Sarbanes-Oxley

Former Member
0 Kudos

Hi everybody,

We are currently in the process of getting our R/3 system SOX compliant. One thing that was objected to was the fact that passwords of the Oracle users SYS, SYSTEM and SAPR3 are known to more than two administrators, that the passwords are not changed regularly and that users are not locked after a few failed login attempts.

It seems rather difficult or dangerous for us to change these settings. Does anybody have experience with this? Is there something like a widely accepted guideline for SOX and Oracle or Basis operation?

Thanks in advance

Richard

Accepted Solutions (1)

Former Member
0 Kudos

SOX is such a touchy subject.

Personally I wouldn't want to have policies that were "non-compliant" both for your sake and for your CEO's sake.

Now as to your question on SYS, SYSTEM and SAPR3. Do the auditors even realize that I don't have to know the passwords of these users to get full admin access???

I'd like to know if there are SOX guidelines regarding DB access also. The only thing I'm aware of is that everything should be auditable (thus making admins accountable). This is 1 reason why Oracle 8i will not be SOX compliant. You can NOT audit connect internal.

Answers (0)