There are companies world wide offering various BPCS support services,
   including in the UK, many of them on this list.

   Neither AS/400 nor BPCS come with system security audit support, unless
   you count 400 security journal, which really needs 3rd party tools to make
   heads or tails of.  Several 3rd parties sell security audit support for
   the 400, and also for BPCS/400 in particular.  Some of these tools help
   you establish SOX-etc. compliant controls.  they are not just reports
   listing violations, that you not see if you not look at them.  There are
   also tools out there that can catch violations immediately when they
   happen, such as embezzlement, or breach about to happen but you can stop
   it.

   My company gets its BPCS tech support from
   http://www.unbeatenpathintl.com/ UPI, so I am familiar with what they do
   to help BPCS companies become SOX etc. compliant.  See for example:
   http://www.unbeatenpathintl.com/upisox/source/1.html

   They have lots of competitors out there.  You might ask the business that
   you aquired, who they use for BPCS tech support, and what upgrades they
   have implemented, relevant to your compliance goals.  They may already
   have some of the documentation that would be useful to you, such as
   * IBM's Redbook on BPCS System Architecture
   * BPCSDOC on-line manuals for each application ... you should look at the
   logic manual first = SSALOG00
   * You might also check BPCS archives for past posts on BPCS Documentation
   and BPCS Manuals ... there are links on my sig, and for those that are
   broken, the names of the outfits are still on the Internet with new urls

   http://radio.weblogs.com/0107846/stories/2002/11/08/bpcsDocSources.html

   There are pharmaceutical companies both on BPCS and compliant with the
   most rigorous regulations, so we know this can be done.  However, many of
   the regulations only apply to large corporations.  They do not work where
   one person does it all.

   Base 405 security needs a serious upgrade, such as one that UPI provides. 
   I do not recall the precise name of that service.
   http://www.unbeatenpathintl.com/bells/source/1.html
   My memory is that for a few $ X,XXX.XX, they convert BPCS V4 from the
   group security architecture that is no good for the PC & Internet world,
   to a very robust security architecture consistent with contemporary
   standards.

     My company have aquired a business running several BPCS V4.05 systems. 
     In
     order to integrate these systms into the Sarbanes Oxley and other
     compliance programs I am trying to understand the system architecture
     and
     options for performing system security audits. I have info and
     capability
     to provide AS/400 operating system audits. Does anyone have a checklist
     or
     can recomend a UK based organisation or person who could help to
     understand
     the applications with respect to security controls - e.g. Segregation of
     Duties, Security parameters to monitor, User and role management.

     thanks

     Richard

     Before posting, please take a moment to review the archives
     at http://archive.midrange.com/bpcs-l.

   -
   Al Macintyre
   http://en.wikipedia.org/wiki/User:AlMac
   http://www.ryze.com/go/Al9Mac
   BPCS/400 Computer Janitor ... see
   http://radio.weblogs.com/0107846/stories/2002/11/08/bpcsDocSources.html

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.