This paper provides an overview of internal IT controls for achieving SOX compliance from an auditor’s perspective. It is designed to help readers establish a best practices approach to database security and developing SOX metrics for database activity auditing.

The paper covers: what auditors are looking for, the controls that must be put in place to satisfy your auditor’s requirements and how you can implement these controls without turning your data center, or your business, inside out. It provides background on SOX as well as addressing key IT challenges including the creation of audit trails, segregation of duties, change control, patch management and privileged user tracking.

The goal of the paper is to help you achieve and maintain an effective data activity auditing program for SOX compliance without negatively impacting business processes, productivity or agility. For more information on data activity auditing for SOX compliance, please visit www.tizor.com