// //
View CartView Cart

QuestionsContact Us

Audit Programs

Table of Contents:

This audit program provides a solid framework for assessing a wide array of key internal controls that form a foundation of a well managed and secure AS/400 (iSeries, System i) / OS/400 (i5/OS, IBM i) environment. The audit program contains 56 controls across the following process areas: 

Batch & Online Processing
Controls to ensure that operations around scheduling (i.e. i5/OS Job Scheduler), performance, and monitoring (QSYSMSG, QSYSOPR, *MSGQ, *JOBQ, etc.) of the IT programs and processes in are adequately supervised (i.e. *JOBCTL) to ensure complete, accurate, & valid processing & recording of information in AS/400 (iSeries, System i) / OS/400 (i5/OS, IBM i).

Backup and Recovery

Controls to ensure that OS/400 (i5/OS, IBM i) files are appropriately included in the back up strategy and backed-up (‘GO BACKUP’, ‘WRKJOBSCDE’) to ensure data remains complete, accurate, and valid.

Physical Security

Controls to ensure that adequate physical security mechanisms are in place & operate effectively (access to the building & immediate surroundings of computer equipment, etc.).

Logical Security
Controls to ensure that AS/400 (iSeries, System i) / OS/400 (i5/OS, IBM i) system security settings are adequately configured and appropriately safeguarded to protect against unauthorized modifications that may result in incomplete, inaccurate, or invalid processing or recording of information:
  • Password settings (QMAXSIGN, QMAXSGNACN, QPWDRQDDIF, QPWDLVL, QPWDEXPITV, etc.)
  • Profiles with special authorities (*ALLOBJ, *IOSYSCFG, *SECADM, *SERVICE, etc.)
  • Use of adopted authority
  • Access to the Operations (iSeries) Navigator
  • Assessment of the security level of the operating system (QSECURITY)
  • Access to the command line, access to critical commands/utilities on the i5/OS (OS/400)
  • Access to the resources in the OS/400 (i5/OS, IBM i) Integrated File System
  • Object level security on the OS/400 (i5/OS, IBM i)
  • Communication services (STRTCP, STRTCPSVR; *IOSYSCFG & *ALLOBJ authorities, etc.)
  • Configuration of trust relationships between systems (QRMTSIGN, etc.)
  • Security of default profiles (IBM supplied profiles, etc.)
  • Audit events (QAUDCTL, QAUDLVL, QAUDENDACN, etc.) and much more.

Change Management & Control

Controls over acquisition, development or modification, and maintenance of the AS/400 (iSeries, System i) application system and OS/400 (i5/OS, IBM i) operating system software.

Everything has been conveniently pre-documented with fill-in fields for company-specific information (entity name, date, data extracted from the system, etc.) which will allow you to proceed with your assessment immediately.

Please view an excerpt from the audit program to ensure it's right for you.

Price: $50.00 (Instant Download)


Add to Cart
View Cart