|
|
Gwen Thomas, an editor of SOX-online, splits her time between the site (which is the world's largest Vendor-Neutral Sarbanes-Oxley Website) and consulting/writing. The site's vendor-neutrality should be obvious in our coverage and in our listings of Tools, News Stories, Press Releases - everywhere on the site.
In Ms. Thomas's many years of consulting work, she has also strived to maintain vendor neutrality. During her engagements over the past two years, however, clients have asked her to recommend a vendor - any vendor - who could solve some mainframe compliance problems.
How do we conduct a database audit for mainframe databases from a Governance or Compliance viewpoint? they would ask. How do we control legacy processes, which are manual and don't include preventative controls?
They would say they realize how important database controls are as a foundation to application controls. But how, they would ask, can we accomplish segregation of duties in a department of one or two database professionals? How, for example, they'd ask, can we make a copy of a DB2 database for our SAP test environment without coming OUT of compliance?
Many long months later, she was still wondering why the press was not giving any attention to this problem. Then SOX-online made the decision to start pointing out gaps in the compliance landscape.
So here are some articles and whitepapers and - finally - some answers to at some mainframe compliance problems.
Disclaimer: The name of Gwen Thomas's consulting firm is Data Governance, Inc. This firm is doing work for SOXTools, a vendor mentioned in some of this work. Because SOX-online is vendor-neutral, we'll be happy to post whitepapers or articles for any competitors to the mentioned products. (We weren't able to uncover anyone else addressing the mainframe compliance problems they address.) Just let us know.
Mainframe Compliance
|
|
|
