Change Management Software to be PCI compliant

Tags:
AS/400
Change management
We are a small shop and need to implement change management controls to be PCI compliant. I had recommended Turnover, but it is too expensive for us. I am looking at MKS and ALDON. I do not know the prices for those yet. We have 4 developers and we use RPG & CL. We also need to promote other object types. Promotion to production must be done by someone in a different area. Looking for any and all suggestions. Positive & Negative.

Software/Hardware used:
AS400 V5R4

Answer Wiki


I’ve been in Turnover and Aldon shops. The price is fairly comparable. I’m curious with only four developers what is your PCI level? If you are a level 3 or 4 you might be able to talk your PCI auditor into letting you get away with a homegrown change control system as long as it is administered and all PCI related code reviewed by someone that doesn’t code for production. If you can also show that the production code cannot be accessed for update without management approval, that you maintain and track a copy of every version and that programmers don’t have any more than read access to production they might let this fly.
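
The controls listed in this answer, together with the question's requirement that promotion be done by someone outside development, can be checked mechanically against a promotion log. The sketch below is an added example, not part of the original post or of any vendor's product; the record layout, user names, object names and authority table are constructed for illustration, and only the IBM i authority values `*USE`, `*CHANGE` and `*EXCLUDE` are real.

```python
from dataclasses import dataclass

# IBM i authorities that grant no update rights (read-only or none).
READ_ONLY = {"*USE", "*EXCLUDE"}

@dataclass(frozen=True)
class Promotion:          # hypothetical record layout for a homegrown log
    obj: str              # promoted object, library/name
    version: int
    developer: str        # who wrote the change
    reviewer: str         # who reviewed the code
    approver: str         # manager who approved, "" if none recorded
    promoter: str         # who moved it to production
    archived: bool        # a copy of this version was retained

def check_promotion(p, developers, prod_authority):
    """Return the control violations found in one promotion record."""
    findings = []
    if p.reviewer in developers:
        findings.append("reviewer codes for production")
    if p.promoter in developers:
        findings.append("promoted by a developer")
    if not p.approver or p.approver in developers:
        findings.append("no independent management approval")
    if not p.archived:
        findings.append("version copy not retained")
    # A developer with no recorded authority is flagged too (fail closed).
    if prod_authority.get(p.developer) not in READ_ONLY:
        findings.append("developer not limited to read access on production")
    return findings

def audit(log, developers, prod_authority):
    """Map (object, version) to its findings for every failing promotion."""
    checked = ((p, check_promotion(p, developers, prod_authority)) for p in log)
    return {(p.obj, p.version): f for p, f in checked if f}

# Constructed sample data: users, objects and authorities are hypothetical.
DEVELOPERS = {"DEV1", "DEV2", "DEV3", "DEV4"}
PROD_AUTHORITY = {"DEV1": "*USE", "DEV2": "*CHANGE", "DEV3": "*USE"}
LOG = [
    Promotion("PRODLIB/CARDAUTH", 7, "DEV1", "QA1", "MGR1", "OPS1", True),
    Promotion("PRODLIB/SETTLE", 3, "DEV2", "DEV3", "", "DEV2", False),
]

if __name__ == "__main__":
    for key, findings in audit(LOG, DEVELOPERS, PROD_AUTHORITY).items():
        print(key, findings)
```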

_____________________________

I’ve worked with the 3 you’ve mentioned and would rank MKS, Turnover, and Aldon in that order in terms of functionality and ease of use. From what I recall, the price is also in that order as well as the level of support. I’m at an Aldon shop now and the support is still substandard compared to the other two but for a shop your size it may be ok.

Discuss This Question: 20  Replies

 
  • CharlieBrowne
    Our auditors are very strict. We do credit card processing for Credit Unions and Banks. I have been building a home grown system, but to put in the extra features for segregation of duties and other things we need, it will take more time than I have available.
  • TomLiotta
    From the three choices and your requirements, I doubt it will make much difference. We currently use TurnOver for the work that I do the most. I used MKS Implementer before coming here. And our new owner company uses Aldon (which I used a little many years ago). Even for our requirements, which go well beyond RPG & CL into creation of LPPs and SQL databases in more than 50 countries, any of them would work. In your case, I'd probably go with the least expensive. Maybe. Two things I'd want above all else as a user -- the ability to promote every object type that I anticipate using in, say, the next two years, and the ability to undo whatever I just managed to do. I (personally) wouldn't be quite so concerned about elements such as audit trails, but that's maybe because I'm going to trust i5/OS auditing more than a 3rd-party product. Various reports and productivity aids are great, as well as the structure that is enforced by CM. But if I have to prove something to an auditor, I'm going straight to QAUDJRN no matter what. Tom
  • BigKat
    I've never used MKS, but TurnOver seems to be the easier of the other two to use. I haven't been involved with setting either of them up though, and the fact it was easier may or may not have been due to whoever did the setup did a better job. Guess I am not being too helpful (except maybe that it MIGHT be easier to set up TurnOver) :)
  • Martyacks
    Specific to the PCI standards, companies I work with also focus on encryption of change control data that is "in motion". While most data being transmitted for change management purposes would not logically contain personally identifiable information (PII) - like credit card numbers or social security numbers - one of the concerns PCI brings to the table is that if any PII is being transmitted on a network, all transmissions on that network must be encrypted. There are other approaches such as better isolation of the PII data traffic, but those are not always in place or practical. The most obvious place for change control related encryption is the transmission of software changes from a development system to a production or test server. The demand on the change management tool is to provide encryption of the data being sent to the target system. SSL and SSH are the most typical choices for IBM i users. Also, adapting to non-IBM FTP products which have been chosen by customers for specific security features is also a common requirement. Also, with companies "modernizing" applications all components that relate to an IBM i application are no longer necessarily on an IBM i. Encrypted transmission of those components to and from different servers is equally important. Secondly, other data that can hit a wire, such as communication with help desk or IT workflow tools that reside on other servers. This data is also typically targeted by companies for encryption. By the way, I am the product manager for Implementer at MKS. Marty Acks
  • DanD
    I should probably start a link with this but for now....if you're a PCI shop with iSeries your auditor will soon be requiring you to encrypt telnet to all in scope systems. IBM Client Access doesn't play well with SMS. Once you create your client key in DCM and download it to a desktop. If your Windows admin pushes an SSL enabled version of CA and/or OpsNav to the desktop, they also need to get C:as400sslsslkeys. There will be three files (and the folders for the path) that you need to move with CA, cwbssldf.kdb, cwbssljavaca.jck and cwbssldf.sth. The reason I'm throwing this in is IBM doesn't support it and it was like pulling teeth to get one of them to tell me where the key files were.
  • JFraser
    In response to DanD's answer to CharlieBrowne... As Director of Technical Services at Aldon, I can tell you that providing the highest quality service is our mission statement. And I am always concerned when any customer feels that they cannot rank us at the top of the list. I would ask that you contact me directly to share what event or chain of events makes you feel that we are not providing you or your organization with the best support in the industry. I can be reached by dialing +1.510.839.3535 and asking for Joe Fraser.
  • DanD
    FYI That was Whatis23's improvement to my answer. I'm in an Aldon shop now and haven't heard anything negative about their support.
  • JFraser
    DanD, my apologies it was Whatis23 and the offer still stands. Thanks for the clarification.
  • CharlieBrowne
    Thanks for all the input so far. (Even from the Vendors) ;-) Does anyone know of other products besides these 3. And/Or any Shareware?
  • APM
  • Rashaler
    Probably not the least expensive product compared to the traditional players in System i change management systems, but IBM has a new product known as Rational Team Concert for i ( RTCi ). It does a great job of managing mixed technologies. For example, we use RPG, DB2 stored procedures and user defined functions and Java. RTCi manages these mixed technology components very gracefully with a single interface.
  • Yantzi
    I was going to mention RTCi but Rashaler beat me to it. You can get some more information on it here: http://www-01.ibm.com/software/awdtools/rtci/ and here: http://www-949.ibm.com/software/rational/cafe/community/rpg/rtci?view=documents Like Rashaler said, RTCi can handle native IBM i development (RPG, COBOL, CL, DDS, SQL, etc...) as well as Java, PHP, HATS, EGL, and .NET (there is a Visual Studio client). RTCi is built on the jazz.platform. You can get lots of information on RTC and jazz at jazz.net. We are working on adding more content specific to IBM i development there. Regarding the pricing, the Express edition prices are here (or click on Express edition link above then the Ready to Buy button to see the price list). https://www-112.ibm.com/software/howtobuy/buyingtools/paexpress/Express?P0=E1&part_number=D06SBLL,D06S9LL,D06QWLL&catalogLocale=en_US&locale=en_US&country=USA&PT=html Don Yantzi Product Manager, Rational Team Concert for i
  • Yantzi
    Hmm, copy and paste didn't work so well :( Here are those links without HTML formatting: http://www-01.ibm.com/software/awdtools/rtci/ http://www-949.ibm.com/software/rational/cafe/community/rpg/rtci?view=documents https://www-112.ibm.com/software/howtobuy/buyingtools/paexpress/Express?P0=E1&part_number=D06SBLL,D06S9LL,D06QWLL&catalogLocale=en_US&locale=en_US&country=USA&PT=html
  • Asht
    I would agree with the DanD answer. We have been using MKS for quite some time and I find it very user friendly to use the application. We did look into Aldon and softLanding and after careful consideration, we considered to opt for MKS. We use Lansa on our site and we move these objects also.
  • GJacques
    Chrono-Logic offers a complete change management solution at a very good price. The iAM software supports all source and object types (RPG, CL, Cobol, IFS, LANSA, ...) and is very easy to configure and to use. It controls and automates promotion of sources and objects while providing all necessary audit reports. www.chrono-logic.com 450 227-7940
  • Gf4
    You might also consider a user-based license of the PDE/400 product. It's easy to use and is a solid basic system that won't break the bank.
  • WimJ
    Hi Charlie, There is also the European SCM product that we create. It is called TD/OMS and the site is here. http://www.remainsoftware.com. The software is provided by Unbeaten Path. http://www.unbeatenpath.com/software/taad/TightasaDrum.pdf You can reach us at sales@remainsoftware.com if you want to talk about the possibilities. Best regards, Wim Jongman
  • Cisbeo
    Hi, we use MEX/400 change management control tool for our iseries applications. It is really cheap and easy to use. R&D team is very good and iseries specialists for a long time. It is a French software provider with great references like PSA PEUGEOT CITROEN, BNP PARIS BAS, FIAT, etc ...
  • kitvb1
    ChangefIT is another free CMS, there is an (optional) upgrade facility which costs very little. This should cater for most needs, but is definitely not in the league of the better known products. It was made public only in Dec 08, so is still pretty new.
  • CharlieBrowne
    WOW, I did not expect this much response. Thanks everyone. We expect to make a final decision within the next 1 or 2 weeks. I believe we will go with MKS,
