"It is suggested that you create at least one additional administrator user, and grant that user the DBA role, to use when performing daily administrative tasks. It is recommended that you do not use SYS and SYSTEM for these purposes."
The other part is to secure SYS and SYSTEM so that no one can access these accounts without first having to change the passwords. The accounts can be secured by setting the encrypted passwords to an uncryptable value by utilizing the undocumented command of ALTER USER
Now, I am curious to know how many organizations are actually following Oracle's recommendations and issuing individual DBA accounts and securing the SYS and SYSTEM accounts. I have had discussions with one of my DBAs on these very issues, where he insisted that it is almost a daily occurrence that he has to be logged in as SYSTEM to do his work. My counterarguments were (and still are) that SYS and SYSTEM should only be required if there is reconfiguration work that needs to be done where the DBA role does not have the required privileges.
As of today, we are still no further ahead with implementing individual DBA accounts, but the plan for me is to push ahead with the change, knowing that there will be times when it might cause my DBA some additional steps to get certain things done.
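
One way to measure how far a database is from the recommendation quoted above, and how often SYSTEM is really used, is to query the data dictionary and the audit trail. This is an added example, not part of the original post; it assumes traditional auditing is on (`AUDIT SESSION` with `audit_trail` set to `DB`) and uses a 30-day window chosen for illustration.

```sql
-- 1. Who holds the DBA role? With individual accounts in place this
--    lists named administrators, not just SYS and SYSTEM.
SELECT grantee, admin_option, default_role
  FROM dba_role_privs
 WHERE granted_role = 'DBA'
 ORDER BY grantee;

-- 2. Current state of the built-in accounts (OPEN, LOCKED, EXPIRED, ...).
SELECT username, account_status, lock_date, expiry_date
  FROM dba_users
 WHERE username IN ('SYS', 'SYSTEM');

-- 3. How often, and from where, SYSTEM has logged on in the last 30 days.
--    Assumption: AUDIT SESSION is enabled and audit records go to the
--    database (audit_trail = DB). Connections AS SYSDBA are written to
--    the operating-system audit files instead and will not appear here.
SELECT os_username,
       userhost,
       TRUNC(timestamp) AS logon_day,
       COUNT(*)         AS logons
  FROM dba_audit_session
 WHERE username    = 'SYSTEM'
   AND action_name = 'LOGON'
   AND timestamp   > SYSDATE - 30
 GROUP BY os_username, userhost, TRUNC(timestamp)
 ORDER BY logon_day, os_username;
```

The third query turns the "I need SYSTEM almost daily" claim into a list of days and OS users, which can then be compared against the tasks that the DBA role alone cannot perform.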