From where I stand, it's exactly like Ryan described: we got SOx-audited last year and again this year and in both occasions access to production by developers came up as an absolute no-no and something we simply cannot allow. Which I tend to agree with, BTW. ;-) -- Cheers Nuno Souto from sunny Sydney Quoting David Aldridge <david@xxxxxxxxxxxxxxxxxx>: > Tsh, is there any lie that those operations people won't tell in order > to keep us out of their sandbox? > > Seriously though, I don't think that SOX is that detailed, and I don't > believe any STIG is either. It sounds like that rule is more along the > lines of an _interpretation_ of the regulations, or a quoting of the > regulations to justify a rule (depending on your degree of cynicism). > > ryan_gaffuri@xxxxxxxxxxx wrote: > > > > I did DOD befoer this. I am doing financial now. The federal government > > actually passed security laws for financial companies as part of > > Sarbanes-Oxley(SOX). I was told by operations that one of the rules is > > that development cannot have access to production data. That is a > > problem for production support when you get data issues. -- //www.freelists.org/webpage/oracle-l