One aspect of leading an enterprise database team today, is that sooner or later you may be asked to supply deployment and configuration patterns which meet requirements for Sarbanes-Oxley (SOX) compliance. As a publicly-traded company, Target Corporation is subject to external audits and must be able to demonstrate compliance with certain laws and regulations. However, most open source data tools were built to solve specific problems, and complying with security or auditing requirements is usually a bit of an afterthought. This talk describes our technical journey from a freely-downloadable open source database to a hardened, SOX-compliant datastore.