Dear Jim  ~  response #1,

Your question about BPCS security is very pertinent and the
implications are much broader than a SOX compliance issue.

There's an alphabet soup of standards, acts of Congress, and
professional guidelines that demand due diligence attention
to locking down our computer systems. This link provides an
index to the 10 most prominent regulations:

   http://www.unbeatenpathintl.com/ITstandards/source/1.html 

The list starts with Sarbanes-Oxley and includes the more
recent PCAOB (pronounced 'peek-a-boo') interpretation of SOX
addressed to auditors. PCAOB is where the rubber meets the
road for SOX. Here are the direct links to those two subjects:

   http://www.unbeatenpathintl.com/SO-act/source/1.html 
   http://www.unbeatenpathintl.com/pcaob/source/1.html 

This response #1 is intended to present overview information
about the regulatory environment for IT security. Next, look for 
response #2 which will present details specific to BPCS 
security vs. OS/400 security.  

God bless,

Milt Habeck
Unbeaten Path International

Toll free North America:  (888) 874-8008
International voice: (262) 681-3151
European contact: (44) 1-737-824248
mhabeck@xxxxxxxxxx
www.unbeatenpathintl.com



++++++++   +++++++   +++++++   +++++++   +++++++   +++++
From: Reinardy, James
To: bpcs-l@xxxxxxxxxxxx
Sent: Wednesday, June 09, 2004 3:17 PM
Subject: DB2 Users

Hello All,

We are running BPCS 6.04 on iSeries.  I am trying to understand the
relationship between iSeries users, BPCS users and DB2 file access. The
concern is arising because of Sarbanes-Oxley.  Our auditors are
suggesting that we need to lock down file privileges against the BPCS
database, but we are a little unclear about what user BPCS uses for data
access against DB2.  Is it the individual user that is logged into BPCS,
that user with a changed profile (SSA perhaps vs. *PUBLIC), or some other
generic user?

The idea here is to restrict access on a file by file basis for AS400Query,
SQL queries, ODBC connections, etc.  However, we want to be sure if
we lock things down that we don't break BPCS screens and batch
jobs.  Any suggestions on how to improve our understanding in this area
would be appreciated.

Regards,

Jim Reinardy
Director-IS
Badger Meter, Inc.




This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].