Hello Carolyn and Kenneth, Documenting OS/400 vulnerabilities and security threats is a very challenging technical exercise. It's also a non-technical subject because non-compliance consequences will be discussed at the Board of Directors / CEO / CFO / CIO level. If your enterprise can't provide documentation on OS/400 security that fits the PCAOB "objective source" standard to your SOX auditors, they will be very, very happy to do the work for you. That's a 3-week, one-command-line-entry-at-a-time process billed as high as US$600/hour. "Bill of Health" software was invented to comply with SOX/PCAOB requirements on OS/400 security documentation. It also provides a commentary on each discovered vulnerability and a prescription on how to mitigate each risk. Here's more information: >> A description of OS/400 security vulnerabilities written in plain English for a non-technical audience: http://www.unbeatenpathintl.com/BOH-Benefits/source/1.html >> An overview about the "Bill of Health" product: http://www.unbeatenpathintl.com/BOH/source/1.html >> A sample "Bill of Health" assessment report --- don't go here unless you want 40 pages of technically challenging content: http://www.unbeatenpathintl.com/sampledeliverable.pdf >> Information about SOX and PCAOB, the official standard for interpreting the Sarbanes-Oxley Act. PCAOB makes it clear that OS/400 security documentation generated by employees will not be viewed as "objective" for SOX audit purposes. . http://www.unbeatenpathintl.com/ITstandards/source/1.html God bless, Milt Habeck Unbeaten Path International North America: (888) 874-8008 International: (262) 681-3151 European contact: (44) 1-737-824248 mhabeck@xxxxxxxxxx www.unpath.com ++++++ ++++++ ++++++ ++++++ ++++++ ++++++ ++++++ ++++++ From: Graap, Ken To: 'Midrange Systems Technical Discussion' Sent: Monday, August 23, 2004 12:24 PM Subject: RE: Sarbanes & Oxley I would have to agree with Carolyn.... SOX is a "technical issue" we have been working on all year long! In fact, it is our #1 technical issue this year! Kenneth ++++++ ++++++ ++++++ ++++++ ++++++ ++++++ ++++++ ++++++ From: Burns, Carolyn To: Midrange Systems Technical Discussion Sent: Monday, August 23, 2004 11:42 AM Subject: RE: Sarbanes & Oxley This is a technical issue regarding documentation and gaps in systems. If your year end is prior to October 15th 2004 you do not have to be compliant until your 2005 year end. I have consultants who specialize in this area in IT and have been working with it quite a bit. Hope this helps. Best Regards, Carolyn Business Development Manager MODIS IT 1230 Rosecrans Avenue Suite 425 Manhattan Beach, CA 90266 Telephone: 310-727-3272 Cellular Phone: 310-989-0481 Facsimile: 310/727-1920 carolyn.burns@xxxxxxxxxxx
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.