Case Study
Founded in 1861, Hanger Orthopedic Group is the largest provider of orthotic and prosthetic patient care services and products in the U.S. Before Hanger implemented SQL Compliance Manager, they were using a “homegrown” application that was time-consuming to maintain and required a lot of overhead. More importantly, it did not produce the reports that the auditors required.
Hanger now uses SQL Compliance Manager to track and report every access and change to their SQL Server databases to create reports for Sarbanes-Oxley (SOX) compliance. “SQL Compliance Manager is a more cost-effective solution, offers more functionality, and requires a lot less work on our part. Furthermore, it is a neutral third-party application that auditors seem to prefer,” said Brian Smith, Hanger’s enterprise data architect.
Weekly, Hanger uses SQL Compliance Manager to generate a report for “Changes by User ID.” This is one of many reports that ships pre-defined with the product. This report is accessible via the SQL Compliance Manager Web interface, so the company never has to launch the client interface of the product.
The security manager then compares the SQL Compliance Manager report with the Help Desk Ticket ensuring that every change made to SQL Server can be tracked to an actual Help Desk Ticket number. Hanger’s security manager is responsible for reviewing and physically signing off on the reports as they are run weekly. These reports are saved for the quarterly visit from the auditors.
Conclusion
When a user accesses sensitive data, or when a breach occurs, SQL Compliance Manager identifies the content of the event, including the date, time, data accessed, and by whom, providing a clear audit trail and alerting those individuals who may need to take action.
SQL Compliance Manager helps you meet multiple goals, whether you are fulfilling the requirements of internal auditors or simply need to feel comfortable with your database security model.