Michael, Arup Nanda wrote a book covering HIPAA, covering auditing, FGA, VPD. Arup wrote a series of papers for OTN, here's one: http://www.oracle.com/technology/oramag/webcolumns/2003/techarticles/nanda_fga.html Sarb-Ox is so open to interpretation and implementation, that its best to check with your auditors as far as what policies they see as appropriate and how to implement them. audit_trail=true and "audit session" would be a great start, but sometimes you're better off doing nothing than a piecemeal and incomplete effort. Paul On Thu, 13 Jan 2005 10:06:27 -0500, Kline.Michael <Michael.Kline@xxxxxxxxxxxx> wrote: > Has anyone done a good paper on what Sorbanes Oxley means for the DBA > and that related group? > > Some of our "requirements" are quite large and usually based on "I THINK > Sorbanes Oxley may require it. > > It would be nice to know without having to have a law degree. > > Michael Kline > ************************************************ > The information transmitted is intended solely > for the individual or entity to which it is > addressed and may contain confidential and/or > privileged material. Any review, retransmission, > dissemination or other use of or taking action > in reliance upon this information by persons or > entities other than the intended recipient is > prohibited. If you have received this email in > error please contact the sender and delete the > material from any computer. > ************************************************ > > -- > //www.freelists.org/webpage/oracle-l > -- //www.freelists.org/webpage/oracle-l