Deleted users audit trails in AS/400

Tags:
AS/400
Audit trails
Scenario 1: I have been doing some cleanup of user profiles that have not logged in for more than 365 days to satisfy a SOX compliance issue. I am doing this across all of our Health facilities (57). IT personnel from one of the facilities are concerned that they would lose the audit trail for these user profiles if a problem should arise. I have performed a SAVSECDTA backup before I run the deletion script. I also create an outfile and query in all of the user profiles before I delete the targeted accounts and transfer it to an Excel spreadsheet.

Question 1: How do I assure him that patient data is not affected for the facility, as we are only targeting the user profiles on the AS00?

Scenario 2: A user profile has been deleted. A user profile for a new employee with a similar name is created. The creator of the userid is not aware a previous userid had existed on the system and creates the userid.

Question 2: How will these two user profiles affect the audit trail if they have the same naming convention?

Scenario 3: Map accounts are accounts that the physicians, nurses, etc. use to access patient information on the AS400/PULSE. To access this information the user never manually logs in to the AS400, so you will only see a creation date and never a last used date or signon date, which makes it hard to determine if they are terminated users and can be deleted. The userid needs to exist on the AS400 in order to identify the user accessing the information. The user must exist on AD as well.

Question 3: How do deleted physician’s user profiles affect the audit trail if a physician is being audited?


Software/Hardware used:
AS400/iseries

Discuss This Question: 4 Replies

 
  • TheRealRaven
    Before anything useful can be discussed, what exactly is your "audit trail"?

    If you have some code that writes "audit" records to some table, possible answers will be different from if you rely on security audit journal receivers. Some parts get unclear such as when you reference 'SAVSECDTA' as a part of an "audit trail". (What good does that do in this context?)

    You have a few questions, but we need to know the audit structure before knowing how the questions fit.
    34,430 points
  • ToddN2000
    Is there truly a need to remove the user profile rather than just disabling it? What we have done in the past is change the user profile to disabled and the initial program called is *SIGNOFF. I have never been one to have generic profiles for use by multiple users. That is not my call, but at least I have explained the risks of doing so to companies that choose to do this. I know it's easy for some applications to embed the login information for a connection string to connect remote apps to an i-Series. It makes me uneasy when they do this. Can you provide more info on your auditing need like Raven requested?
    131,550 points
  • Splat
    Deleting user profiles that have been used is not wise in light of federal and state laws and regulations.

    You lose not only the system information but will no longer be able to properly audit the data created and/or updated by the user.

    We do not ever delete a profile on either the iSeries or other servers - we inactivate the profiles and should another, for example, John Smith come along we create a different profile & preserve the trail.
    12,865 points
  • TheRealRaven
    It's not necessary to keep unused profiles for an audit trail as long as sufficient/appropriate audit system values are set and audit journal receivers are kept (or archived). There shouldn't be anything in the *USRPRF object that can't be determined from (sufficient/appropriate) system audit entries.

    Disabled profiles can still be used to call programs and run jobs, though a proper audit trail would indicate the usage.
    34,430 points
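
The following is an added example, not part of any reply above. It relates to Scenario 2 and to the point that retained audit journal entries can stand in for a deleted profile: if creation and deletion of `*USRPRF` objects are audited, activity under a reused name can be split by which incarnation of the profile existed at the time. The row layout, sample data and function names are constructed for this illustration and are not the real outfile format.

```python
from datetime import datetime

# Constructed rows standing in for an export of security audit journal entries,
# already filtered so that CO/DO rows refer to *USRPRF objects only.
# The (timestamp, type, profile, detail) layout is an assumption of this example.
# CO = create object, DO = delete object, ZC/ZR = object change/read.
ROWS = [
    ("2019-03-01T08:00:00", "CO", "JSMITH", "*USRPRF created"),
    ("2019-06-10T14:22:00", "ZC", "JSMITH", "PATIENTS changed"),
    ("2021-02-15T09:00:00", "DO", "JSMITH", "*USRPRF deleted"),
    ("2021-04-02T11:05:00", "ZR", "JSMITH", "PATIENTS read"),
    ("2022-01-10T08:30:00", "CO", "JSMITH", "*USRPRF created"),
    ("2022-01-11T10:00:00", "ZC", "JSMITH", "PATIENTS changed"),
]

def profile_lifetimes(rows):
    """Map each profile name to its [created, deleted] intervals, oldest first."""
    lifetimes = {}
    for ts, kind, name, _ in sorted(rows):
        when = datetime.fromisoformat(ts)
        spans = lifetimes.setdefault(name, [])
        if kind == "CO":
            spans.append([when, None])      # new incarnation, still open
        elif kind == "DO" and spans and spans[-1][1] is None:
            spans[-1][1] = when             # close the current incarnation
    return lifetimes

def attribute(rows):
    """Tag each activity row with the incarnation (1, 2, ...) that performed it.

    Incarnation 0 means no create/delete interval in the retained entries
    covers the timestamp, so the activity cannot be tied to one person."""
    lifetimes = profile_lifetimes(rows)
    result = []
    for ts, kind, name, detail in sorted(rows):
        if kind in ("CO", "DO"):
            continue                        # lifecycle rows are not activity
        when = datetime.fromisoformat(ts)
        owner = 0
        for i, (start, end) in enumerate(lifetimes.get(name, []), start=1):
            if start <= when and (end is None or when < end):
                owner = i
        result.append((ts, name, owner, detail))
    return result
```

Rows that come back with incarnation 0 are the ones to investigate: either the receivers covering that period were not kept, or the name was in use while no such profile existed.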
