The Importance of SOX Compliance in Snowflake

The Importance of a SOX Compliance Plan

An American fantasy sports betting operator was in the process of migrating from SQL Server to Snowflake. The customer engaged Archetype to review plans for SOX compliance in the new Snowflake environment, identify any gaps in the plan, and make recommendations on how to address the gaps.

Problem

In 2006, the Sarbanes-Oxley Act (SOX) became effective and was implemented by the Securities and Exchange Commission (SEC) to hold all US corporations accountable for their internal financial auditing controls. Failure to comply with SEC regulations can result in fines up to $10 million and 30 years in prison for a corporation.  

As one of the largest American fantasy sports betting operators, our customer has a vast amount of confidential customer data that requires protection against misuse. With the migration from SQL Server to Snowflake, they needed to understand their plans for remaining SOX compliant in the new Snowflake environment.

Solution

While no specific technology tools were used in this project, Archetype completed an extensive review of the client's SOX compliance plan for their new Snowflake environment. Here is a summary of the recommendations we offered to address any gaps in the plan.

  1. Most of the SQL table SOX process can be used in Snowflake by adding AD groups with assigned Snowflake roles to AD users.

  2. Remove operational/admin activities from the standard change management documentation process.

  3. Provide a bifurcated SQL architecture for financial and non-financial users to limit SOX exposure.

  4. In the short term, a report writer application with SQL connectors should be provided so that end users can create enterprise reports that can be locked down instead of running open-ended SQL scripts.

  5. For the long term, SQL tables should be connected directly to the ERP (NetSuite), possibly using Fivetran's connectors. Please note this should work in tandem with the planned ERP relaunch.

  6. Automate audit log validation to remove human intervention. This will eliminate the risk associated with end users (especially financial users) having direct access to SQL tables.

Result

Through Archetype's recommendations, our customer is set up for success in being SOX compliant in their new Snowflake environment.