Quote:
Originally Posted by Sapporo Guy
I've just learned about this recently 
Can anybody tell me what kind of features in a software would be needed to fit these regulations?
I've spent the past 3 days going through google and I just can't find something that makes it easier to understand.
I get the concept of the Act (loool not that that one  ) but I just can't seem to find any simple answers.
Maybe, I just should buy the book ... but I'm limited on time.
hehe, thinking of building my own system  |
That is the most vague regulations in the IT history.. Basically you can do anything you want as long as you "ok" it and its documented. Of course the CIO will have to sign and agree that if you're running Enron-like system he'll be thrown to jail but thats a different story...
We're using Configuresoft (don't know if thats the vendor or the product name) and that seems to cover directory services, Unix, Windows, Oracle, Sybase and SQLServer.
Other software we evaluated was N-Circle and two others that I can't remember.
SOX Compliance can be really expensive... we had to use Guardium to audit database access, that alone is 1/4 million!
Then you have to get PWC or Delloite -like audit firms. Once again is $,$ and $.
Good luck!