One method of handling application metadata is to segregate it to its
own tablespaces, which are altered to read only except during
application maintenance. If an event trigger is configured to send an
alert when such tablespaces are altered to read write, I think that
most any auditor would be satisfied.
A lot of my employer's lookup data is in small tables anyways, so I had
moved such tables into a 2 KB block size tablespace and set it to read
only. Many of these tables were marked as candidates for single table
hash clusters - so we accomplished several objectives in the move.
Thanks Paul for some good advice on managing application repositories.