Doug gave the announcements and talked to the group about SQL Connections and PASS – upcoming SQL conferences.  Lots of jokes, a little bit of complaining about how salesy the last presentation was, and some thanks to our sponsors from Lumigent.

Harvey Parnell from Lumigent gave us a presentation on database auditing – an “essential business practice for Sarbanes-Oxley compliance”.  Did you know that SOX compliance requirements within organizations have actually changed from the first year to the second year?  In the first year of government regulated auditing, a lot of companies scrambled to meet the requirements.  Frequently those requirements just couldn’t be met easily because there aren’t any products on the market which meet the needs.  Basically, the Sarbanes-Oxley act dramatically changed financial reporting rules for public companies.  In the second year (this year) there is a lot of focus on forcing accuracy of data down to the individual database level through automated tools and manual processes.  The goal is to avoid future Enrons and Worldcoms (accounting scandals).  As far as databases are concerned, the data contained inside of the financial applications are critical to the public organizations.  Auditing attempts to prevent unauthorized access from both external and internal threats from happening, and if they happen they need to be monitored.  Basically there are many auditing controls which are either violated or deficient.  For example, development staff can run transactions in the production system.  This brings to light the need to apply database auditing to all types of data access.  That way, if something goes wrong, you know what the data was before the problem, what it is after the problem, and how to prevent the problems in the future.  While tonight’s presentation focused on the Sarbanes-Oxley Act, there are other legislative requirements for auditing including the HIPAA (medical patient records), Graham Leach Billey Act and Basel II (personal financial records), and other regulations which require data retention for periods of time, such as seven years.  After showing us how difficult it really is to monitor a database system as completely as one needs to be monitored, Lumigent’s staff told us how their application, the Entegra Auditing System meets as many of these needs as possible, with more features on the way.

Next Month – Shawn Wildermuth talking about CLR integration between Visual Studio 2005 (Whidbey) and SQL Server 2005 (Yukon).  After several DBA-centric presentations, I personally will be happy to see something which speaks a little more to the concerns of the developers in the audience.  Those who have seen Shawn present at the main .Net User Group or the Atlanta Mobility User Group know he is an engaging speaker.  Come refresh your understanding of how the CLR integrates with the new Yukon database engine.

— Matt Ranlett