Database change auditing package previously available only for JD Edwards products now supported on standard IBM i platform.
ALL Out security announced at COMMON the availability of the TRACE V2 Auditing Package for the IBM i platform. Previous versions of TRACE were available only for users of JD Edwards EnterpriseOne and JDE World.
TRACE originally was developed to meet the reporting requirements of users of the standard JDE Database Audit Manager (DBAM) program. This feature of JDE was developed in 2004 to enable pharmaceutical customers to comply with the FDA regulation, 21 CFR Part 11, requiring controls and audit trails to be kept for software and systems involved in the processing of electronic data.
DBAM was version-specific and only collected data – it did'nt report it. TRACE V1 was specifically focussed on reporting over the collected data.
In addition, the DBAM and TRACE V1 combination addressed a wider requirement of JDE users who needed an audit solution that complemented the control solutions they had put in place as part of an overall compliance framework. More specifically, it answered the question, “What happened if the security systems were breached – intentionally, accidentally or maliciously?”
Security Systems Are Not Enough
There are numerous ways of controlling users –and lots of ways of securing a system.
JD Edwards itself has a sophisticated set of security features designed to control the activity of users.
Outside an application–there are many different security products that are designed to control the use of generic programs such as SQL and DFU, etc. At the recent COMMON conference there were a half dozen such solutions in evidence. But few adequately addressed the issues that the audit and compliance community requires –the need to record the activity of users, who, for various reasons— including completely legitimate ones—must circumvent the standard controls.
Typically, IT technical staff may need to make adjustments when a transaction has been corrupted. Or a user in a small branch may need to have access to a whole range of extremely sensitive programs that are normally separated in a head office environment – segregation of duty breaches.
But there is also the issue of fraud. And of course, users make mistakes.
And so, to meet these challenges, companies need an “after-the-event” activity auditing and database auditing tool.
TRACE V2 Is a Product for Auditors
TRACE is a packaged software that is specifically designed for the System i platform. It addresses all the major requirements of an audit solution:
- Auditor independence of IT – the data that is collected can be analyzed and reported on with no technical involvement.
- Compliance reporting–it produces physical pieces of paper for sign-off, so that management can be made responsible for the activities of their staffs.
- Data filtering–to address the issue that IT always raisees – “the volume problem – not enough disk.” And it includes automatic purging.
Trace therefore meets the requirements of the audit community.
Benefits for IT
The big pay-off for IT is the control provided by the advanced filtering options that limits the size of the data that is archived. The product does not use journaling to store the data.
In fact, the data is stored in a single, secure, archive to simplify system administration and reduce the disk space used.