IDERA SQL Compliance Manager: Case Study

Hanger Orthopedic Group

CLIENT

Founded in 1861, Hanger Orthopedic Group is the largest provider of orthotic and prosthetic patient care services and products in the US. In addition to corporate offices in Texas, Hanger owns and operates over 600 patient care centers and several distribution centers nationwide.

Industry: Medical prosthetic and orthotic devices

Headquarters: Austin, Texas

Website: www.hanger.com

CHALLENGE

Before Hanger implemented SQL Compliance Manager, they were using a “homegrown” application that was time-consuming to maintain and required a lot of overhead. More importantly, it did not produce the reports that the auditors required.

SOLUTION

Hanger now uses SQL Compliance Manager to track and report on every access and change to their SQL Server databases to produce reports for Sarbanes-Oxley (SOX) compliance. “SQL Compliance Manager is a more cost-effective solution, offers more functionality, and requires a lot less work on our part. Furthermore, it is a neutral third-party application that auditors seem to prefer,” said Brian Smith, Hanger’s Enterprise Data Architect.

RESULTS

Hanger has defined a specific process for running regular SOX reports to ensure compliance with their auditors. Whenever a change must be made within a SQL Server, it must be mapped to a User ID and a Help Desk Ticket. The ticket numbers are embedded inside SQL Server in the “comment” section when the change is made.

Weekly, Hanger uses SQL Compliance Manager to generate a report for “Changes by User ID”. This is one of many reports that ship pre-defined with the product. The report is accessible via the SQL Compliance Manager Web interface, so the Security Manager never has to launch the client interface of the product. The Security Manager then compares the SQL Compliance Manager report with the Help Desk Ticket, ensuring that every change made to SQL Server can be tracked to an actual Help Desk Ticket number. Hanger’s Security Manager is responsible for reviewing and physically signing off on the reports as they are run weekly. These reports are saved for the quarterly visit from the auditors.