On 8/15/06, ryan_gaffuri@xxxxxxxxxxx <ryan_gaffuri@xxxxxxxxxxx> wrote:
I was told by management that SOX states developers can't have access to production. Might be a misinterpretation of some agreement with auditors. Even with read only access you open the door to people downloading data and putting it up for sale on ebay which is where this comes from.
While possible, I think most IT folks are at least smart enough to know that selling propietary information on eBay would be easily traceable.
Though there are other ways to dispose of the data.
I think the greater concern is that someone could form a shell company, redirect money to the company, and then leave.
If done well, it could take awhile to discover the problem.
-- Jared Still Certifiable Oracle DBA and Part Time Perl Evangelist
