There are companies worldwide offering various BPCS support services, including in the UK, many of them on this list.

Neither AS/400 nor BPCS comes with system security audit support, unless you count the 400 security journal, which really needs 3rd party tools to make heads or tails of. Several 3rd parties sell security audit support for the 400, and also for BPCS/400 in particular. Some of these tools help you establish SOX-etc. compliant controls. They are not just reports listing violations, that you do not see if you do not look at them. There are also tools out there that can catch violations immediately when they happen, such as embezzlement, or a breach about to happen, but you can stop it.

My company gets its BPCS tech support from http://www.unbeatenpathintl.com/ UPI, so I am familiar with what they do to help BPCS companies become SOX etc. compliant. See for example:
http://www.unbeatenpathintl.com/upisox/source/1.html
They have lots of competitors out there.

You might ask the business that you acquired who they use for BPCS tech support, and what upgrades they have implemented, relevant to your compliance goals. They may already have some of the documentation that would be useful to you, such as

* IBM's Redbook on BPCS System Architecture
* BPCSDOC on-line manuals for each application ... you should look at the logic manual first = SSALOG00
* You might also check BPCS archives for past posts on BPCS Documentation and BPCS Manuals ... there are links on my sig, and for those that are broken, the names of the outfits are still on the Internet with new URLs http://radio.weblogs.com/0107846/stories/2002/11/08/bpcsDocSources.html

There are pharmaceutical companies both on BPCS and compliant with the most rigorous regulations, so we know this can be done. However, many of the regulations only apply to large corporations. They do not work where one person does it all.

Base 405 security needs a serious upgrade, such as one that UPI provides. I do not recall the precise name of that service.
http://www.unbeatenpathintl.com/bells/source/1.html
My memory is that for a few $ X,XXX.XX, they convert BPCS V4 from the group security architecture that is no good for the PC & Internet world, to a very robust security architecture consistent with contemporary standards.

My company have acquired a business running several BPCS V4.05 systems. In order to integrate these systems into the Sarbanes Oxley and other compliance programs I am trying to understand the system architecture and options for performing system security audits. I have info and capability to provide AS/400 operating system audits.

Does anyone have a checklist or can recommend a UK based organisation or person who could help to understand the applications with respect to security controls - e.g. Segregation of Duties, Security parameters to monitor, User and role management.

thanks
Richard

Before posting, please take a moment to review the archives at http://archive.midrange.com/bpcs-l.

- Al Macintyre
http://en.wikipedia.org/wiki/User:AlMac
http://www.ryze.com/go/Al9Mac
BPCS/400 Computer Janitor ... see http://radio.weblogs.com/0107846/stories/2002/11/08/bpcsDocSources.html