Our auditors make requests and our Operations team pulls the required data,
usually in an .xlsx format.
Having the same company each year, the requests are 98% the same.
They may ask for something like all the new orders in 10 different days (a
list) and then using that list make random requests for details.
The lists of users is usually 100% lists, but the audit of program changes
is random selection from a list.
We do have to give them the commands and sql that generate any list.
Parts of this are interactive (they ask, OPS generate, they look and ask
for more details.
Lots of documentation of how users are maintained - procedures for request,
approval, execution.
The above avoids having auditors roaming the system.
One area that is separated - is another company does penetration testing
(and that has caused operational problems - they did a guess at service
accounts, matched one, and hit it enough to disable it...(and this was no
easy dictionary attack - I counted over 30,000 profile names attempted...
Jim Franz
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Paul
Nelson
Sent: Wednesday, September 20, 2017 6:10 PM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxx>
Subject: RE: auditor access
Get in writing exactly what the auditor is wanting to see. Then give her a
ream of paper with that information. She's going to want it on paper
eventually, so cut your audit bill and give her what she wants when she
walks in the door.
Paul Nelson
Cell 708-670-6978
Office 409-267-4027
nelsonp@xxxxxxxxxxxxx
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jerry
Draper
Sent: Wednesday, September 20, 2017 3:52 PM
To: Midrange Systems Technical Discussion
Subject: auditor access
Our IBM I system environment is undergoing an external audit.
How can we provide read-only access for the auditor (i.e., with no ability
to execute change, add, or modify)
They need to view users, libraries, jobs, job description etc.
Thanks,
Jerry
--
Jerry Draper, Trilobyte Software Systems, since 1976 IBMi, Network, and
Connectivity Specialists, LAN/WAN/VPN Representing WinTronix, Synapse, HiT,
and others .....
(415) 457-3431 opt-1 . www.trilosoft.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our affiliate link:
http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our affiliate link:
http://amzn.to/2dEadiD
midrange.com
