>>VIEW ALL POSTS  

The iSeries Blog

« Lotus Notes and Domino 8 now widely available
Beware: The pitfalls of the System i 515 »
Aug 20 2007   10:12AM GMT

SOX compliance also part of iSeries administration

Adam Trujillo Profile: Atrujillo

Another reader recently chimed-in on Establishing user accountability in AS400, an expert iSeries security response from Carol Woodbury. Thanks to “KrillDog” for the info!

In terms of SOX regulations and their recommended “best practices” efforts on segregation of duties, the iSeries Security Administrator position (if established) should manage the QSECOFR password. If the actual QSECOFR profile is required by a System Administrator, say for a system upgrade, an actual request is filled out with the reason for required QSECOFR access and submitted to the SecAdmin for approval and account activation. This provides evidence of an actual request from an approved user and then the audit journal records can be processed and attached to the request (on-line or hard-copy). This is the process I had to establish to prevent random access with the QSECOFR profile.

Comment     RSS Feed     Email a friend

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: