I dont know much about databases. What i need is to create a procedure for protection database.
Please can anybody help with any form or something that is common for this case. Something more as law.
Is possible not to have one person with full access to DB? Something like 2 password protection.
In order that to be needed 2 persons if is needed full access.
How about logs. Is everything that is done register? How this can be controlled or saved. What i think is to send the log file with emain every day. Can the logs change by administrator?
I am just the lawyer and is required to make the protection procedure. How will be protected from the users. All i need is a form, something like a model. For example is required not to leave only one person with full access, but to have a double password protection. Also the procedure how the logs will be manage.
You should know which database software and operating environment you want to secure. There are Many standard ways to do this. Usually, there is a person or group responsible for security and they control who can do what after being provided with the rules by the data owners/management/etc.
Depending on the software and the configutation, most things can be logged - again set up and controlled by the system, network, or database administrators.
Setting up all of this has been the responsibility of the IT group, not legal. Often there is audit criteria that must be sataified (possibly reviewed by legal).