I wish... ISO 9000 (in our case, ISO 9001) was a piece of cake compared to this. We were ISO certified five or six years ago. I forget when, but it was nothing at all compared to SOX.
Sorbanes-Oxley (aka SOX) was the legislation passed in the wake of Enron... to make CEO's and CFO's personnally sign off on the "believability" of any publicly-traded company's financial reporting. In order to show SOX level documentation I have to be able to prove that "any change" at "any time" made to "any system" is completely documented, approved, and processed according to company policy. By "any" system it means really everything... You want to apply the newest patch to XP on your computer? Sure... but you need to fill out a form to make sure that the change to your system is approved, and that the proper forms are printed and filed in advance of the "change". Then the application of the change must be tracked and approved through the chain of command, once applied.
If this remains true... we will be completely unable to actually help anyone in the company. I will have to require everyone to do such insane documentation of their work that it will result in no actual work ever being done.
I've had enough of this.
Yuck... I thought ISO-9000 was tedious enough.
Want to go buy a coffee farm in Africa?