|
Good afternoon, Although BMR 54119 may touch one user profile maintenance subject, vanilla BPCS security maintenance still leaves much to be desired --- particularly in view of the Sarbanes-Oxley (SOX) compliance deadline arriving in 2004. Look here for SOX Act compliance info in a nutshell: http://www.unbeatenpathintl.com/SO-act/source/1.html An IS manager (Tom) told me about their recent experience with a SOX "dress rehearsal" audit. The auditor kept asking user authority questions that were exceptionally difficult to answer using vanilla BPCS. Tom felt that the "dress rehearsal" process would have been much, much easier with our BPCS "By Invitation Only" software. More about "By Invitation Only" software: http://www.unbeatenpathintl.com/BIOnly-start/source/1.html Warm regards and Merry Christmas, Milt Habeck Unbeaten Path International North America toll free: (888) 874-8008 International calls: (262) 681-3151 mhabeck@xxxxxxxxxx www.unbeatenpathintl.com ----- Original Message ----- From: Genyphyr Novak To: SSA's BPCS ERP System Sent: Friday, December 12, 2003 5:55 AM Subject: Re: BPCS user profiles ---> security by obscurity Hello, The new releases of BPCS have enhancements to the BPCS SYS600 maintenance program which allow the automatic expiration of any BPCS user ID which is not also a valid user ID on the AS/400 by use of a single F key. There is a 2nd feature to permanently purge these IDs from the security files, if desired. (BMR 54119). Thanks, Genyphyr Novak SSA Global ----- Original Message ----- From: "Milt Habeck" <mhabeck@xxxxxxxxxx> To: "BPCS user community" <BPCS-L@xxxxxxxxxxxx> Sent: Tuesday, December 02, 2003 10:21 PM Subject: BPCS user profiles ---> security by obscurity Some BPCS users don't have a margin of safety between their user count and their concurrent license count, so a substantial effort is needed to prepare well for the inevitable SSA audit. Preparation isn't easy because BPCS user profile maintenance is clunky; abundant patience is needed to do an A+ job defining BPCS security profiles. Quite candidly, vanilla BPCS has never inspired the diligent level of attention needed to do user security well. Introducing a better idea === > "By Invitation Only" ... another Bells & Whistles® for BPCS software product from Unbeaten Path. Due diligence for BPCS user profile definitions has always been an excellent idea .... By Invitation Only software now makes it achievable. Peace to you and God bless, Milt Habeck ----- Original Message ----- From: WASHBURNCCINC@xxxxxxx To: bpcs-l@xxxxxxxxxxxx Sent: Monday, September 29, 2003 8:38 AM Subject: SSA SmartAudit being requested has anyone else got this? Last week SSA requested a License audit. Now this is not a problem as we have a 50 concurrent user license and we never have more than 30 users on at a time, but we cancelled maintenance over a year ago and we dont want to take the time to run the reports they are requesting. Has anyone else been asked for an audit AFTER they cancelled their maintenance agreement? Thanks KW
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.