Sarbanes-Oxley

The essence of the SOX audit is to prove that you do what you say you do. The Sarbanes-Oxley Act doesn't require a specific set of database controls, but whatever set of controls you pick, you need to demonstrate that you have a credible way of testing them. Sahaa Solutions helps companies implement the controls that protect the company’s most important asset, the database, from financial misrepresentation. The following are some of our SOX database controls:

1. Develop a sound password policy. This involves establishing password duration and password aging policies and requiring complex passwords.

2. Review permissions. The first thing auditors do is go into the most critical databases to find out who has access to what.

3. Validate access control lists. Test credentials against critical line-of-business systems. Auditors will look to see if your lists for who should have access to an application really govern who has access.

4. Plug database holes. Review database management systems and be able to validate that, from a DBMS-authorization perspective, there are no holes. A common problem that auditors look at is how many production systems housing sensitive data are running with full credentials.

 
 
