Dear Jim ~ response #1,

Your question about BPCS security is very pertinent and the implications are much broader than a SOX compliance issue. There's an alphabet soup of standards, acts of Congress, and professional guidelines that demand due diligence attention to locking down our computer systems.

This link provides an index to the 10 most prominent regulations:
http://www.unbeatenpathintl.com/ITstandards/source/1.html

The list starts with Sarbanes-Oxley and includes the more recent PCAOB (pronounced 'peek-a-boo') interpretation of SOX addressed to auditors. PCAOB is where the rubber meets the road for SOX. Here are the direct links to those two subjects:
http://www.unbeatenpathintl.com/SO-act/source/1.html
http://www.unbeatenpathintl.com/pcaob/source/1.html

This response #1 is intended to present overview information about the regulatory environment for IT security. Next, look for response #2 which will present details specific to BPCS security vs. OS/400 security.

God bless,
Milt Habeck
Unbeaten Path International
Toll free North America: (888) 874-8008
International voice: (262) 681-3151
European contact: (44) 1-737-824248
mhabeck@xxxxxxxxxx
www.unbeatenpathintl.com

++++++++ +++++++ +++++++ +++++++ +++++++ +++++

From: Reinardy, James
To: bpcs-l@xxxxxxxxxxxx
Sent: Wednesday, June 09, 2004 3:17 PM
Subject: DB2 Users

Hello All,

We are running BPCS 6.04 on iSeries. I am trying to understand the relationship between iSeries users, BPCS users and DB2 file access. The concern is arising because of Sarbanes-Oxley. Our auditors are suggesting that we need to lock down file privileges against the BPCS database, but we are a little unclear about what user BPCS uses for data access against DB2. Is it the individual user that is logged into BPCS, that user with a changed profile (SSA perhaps vs. *PUBLIC), or some other generic user?

The idea here is to restrict access on a file by file basis for AS400Query, SQL queries, ODBC connections, etc. However, we want to be sure if we lock things down that we don't break BPCS screens and batch jobs. Any suggestions on how to improve our understanding in this area would be appreciated.

Regards,
Jim Reinardy
Director-IS
Badger Meter, Inc.