• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 266
  • Last Modified:

Database Auditors

My department (Database Unit) is scheduled to be audited in January 2011.  I've never be in this situation before, none have I done any database documentation.  

Please, what exactly do I need to get prepared for database auditing.

How is database documentation done?  

What needs to be documented for the auditing.

Any special template?

Please respond with detail steps.

Thanks
0
Favorable
Asked:
Favorable
3 Solutions
 
Raja Jegan RSQL Server DBA & ArchitectCommented:
>> How is database documentation done?  

You can use these third party tools to get documentation done easily:

1. ApexSQL Doc (http://www.apexsql.com/sql_tools_doc.aspx)
2. RedGate SQL Doc (http://www.apexsql.com/sql_tools_doc.aspx)

>> what exactly do I need to get prepared for database auditing.

Database Auditing is nothing but confirming your database to be online with the standards defined for your organization.
If you have SQL Server 2008 or 2008 R2, then you can enforce all these standards using Policies and Facets which would alert you in case of any violations. Else you need to manually check for these kind of violations and correct it accordingly.
0
 
CboudrozCommented:
Normally its more about security.

Make sure your have a some rules wright down for security and that they can be confirm on the server:


ex:

List of DBA
List of Data reader
List of Data Writer
ALL User need to used Store procedure to access data
Sensitive data are encrypted (Credit card)
Difference between DEVELOPPEMENT server and production server.
Maintenance plan
...


0
 
FavorableAuthor Commented:
Do you have a script that will list all the user and privilleges assigned?
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
Racim BOUDJAKDJIDatabase Architect - Dba - Data ScientistCommented:
If the Auditors are MS, they will be conducting something called a SQLRAP and will be looking for several points among which *security*

Proceed by priority:

> Deploy a monitoring: install SCOM Management Pack for SQL Server.  Show you have things under control...
> Security: Take away BUILTIN/ADMIN from the logins.  Most auditors I have met perceive it as a major security threat
> Security: on your sensitive databases, reduce the numer of logins to the minimum;  Tell the auditors, you have ongoing projects to rectify previous poor security.  That will buy you time...
> Make sure your sensitive databases are backed up.  That way you can always say: Hey I know my database are not secured BUT I CAN restore them anytime if loose them...
> Break TEMPDB into as many files as there cores on the servers hosting them...Shows the auditor you are conscious about best practices...

The actions above are among the ones that will give you some respect from auditors...

Hope this helps...
0
 
FavorableAuthor Commented:
Will I need any special template or just word and excel?
0
 
Raja Jegan RSQL Server DBA & ArchitectCommented:
Steps to Audit DDL commands here:

http://www.mssqltips.com/tip.asp?tip=1006

Audit Logging through Profiler trace and Audit mode:

http://www.sqlmag.com/article/auditing/get-compliant-with-sql-server-2005-audit-logging.aspx

Best Practices Analyser (which would list you all possible violations):

http://www.microsoft.com/downloads/en/details.aspx?FamilyId=da0531e4-e94c-4991-82fa-f0e3fbd05e63&displaylang=en
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Tackle projects and never again get stuck behind a technical roadblock.
Join Now