Sarbanes Oxley


Sam

The CIO of our company wants to audit what we (network
engineers) do on the server. How can all administrators'
activities be logged for review?

TIA
 
Well, your domain audit policy will help some way here, but if you're preparing
to become SOX compliant you're going to need more than that.

The company will need an IT policy manual, and to implement split-level access
control to ensure that development and production SOX systems have
separation of duties (i.e. an admin in production has no access to the
underlying SOX application data, or full access to the development
environment).

You will also need to ensure that the application admins don't have full
access to development and production, that a method of controlling access to
systems is put in place that allows only the registered application owner to
authorise changes and access on the systems (this is usually a manual process,
such as e-mail notification from system owners to authorise changes before
allowing access), and that full change control is in place for the SOX
systems affected and is kept maintained and up to date.


These are a few of the things we have had to implement across affected
systems.

hth
rgds
Steve
 