Friday, August 6, 2010

How have companies secured controls around MS-Access applications for Sarbanes-Oxley compliance?

We've ported those Access databases with SOX implications to SQL. Access just doesn't have the level of granularity needed to lock it down properly. SOD is a particular nightmare because all members of the administrators group have full developmental access to the database as well -- a serious no-no.





If you can't do that immediately, you should document it and develop methodologies to ensure that unauthorized changes are not made, or at least if they're made then it is known, and get management to sign off on it.

If you need to be SOX compliant, which makes me think that you are in a public company, you really should be using something more robust than Access, such as Oracle or SQL Server. But to answer your question: your main focus for IT controls will be to focus on Change Management, Security, and Operations. One method is to go to your external auditors and ask them what key controls they will be looking for, and ensure your internal testing has those controls in some form as well.