Partner TechTip: The Auditor Needs to See WHAT?

System Administration
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

PowerTech Compliance Monitor v3.0 ushers in the next generation of advanced audit reporting for IBM i.


Audits are a way of life in today's regulated world. Whether it's Sarbanes-Oxley (SOX), the Payment Card Industry (PCI), or the multitude of other government and industry standards, few organizations escape the reach of one or more of these regulations. Unfortunately, there are few things that drive fear into the heart of IT personnel more than the arrival of an auditor: "What are they going to ask to see?" "Do I have to explain what *JOBCTL means again?" "How can I get all my normal work done when I have to figure out how to report on the very information that will be used to penalize me?"


Anyone who has survived an IT audit will agree that there are two main challenges with the process. First, auditors often speak a different "language" from the staff charged with maintaining and securing these systems. Auditors are trained in general IT standards like COBIT, compensating controls, and regulatory compliance. In contrast, security officers and administrators understand special authorities, public access, and system values. Second, an auditor typically is there to find issues with your configuration rather than help with risk evaluation and mitigation. This is complicated further when the auditor doesn't understand the nuances of IBM i—or the hardware on which it runs—and simply requests one report after another.


To minimize the impact of an audit, and the common challenges that it entails, you can turn to PowerTech's Compliance Monitor. Powerful reporting capabilities make light work of generating the information that auditors need to see, including scorecards of policy compliance, numerous configuration measurements, and forensic analysis of the IBM i security audit journal. In addition, Compliance Monitor links to an extensive Compliance Guide that's designed to help bridge the gap between the two camps by explaining popular audit standards and providing recommendations for best practices.


As you sip your coffee and read this article, Compliance Monitor  version 3 is shipping, marking the official arrival of the next iteration of the most powerful reporting solution available for IBM i.


Compliance Monitor 3 eliminates the need to install custom software on the console PC, making information even more accessible to authorized users—including auditors! In its place, you'll find a powerful browser-based interface that makes it easy to specify report requirements and to present the collected information (see Figure 1).



Figure 1: PowerTech Compliance Monitor 3 offers a new browser-based interface that simplifies audit reporting. 


Compliance Monitor 3 also provides an "intelligent" pre-checker utility that helps you verify that your server meets the requirements for the new version. You can run the pre-checker in advance so your install (or upgrade from a previous version) proceeds successfully. A new automated install process performs most of the necessary configuration, so you can be up and running faster and generating reports sooner. Additionally, a number of infrastructure enhancements translate into better performance and improved reliability.


Compliance Monitor 3 adds several new reports to its already extensive resume, including a predefined report category designed exclusively to help gaming organizations comply with Nevada's Minimum Internal Control Standards (MICS). Other new reports cover security system values added in IBM i 6.1, native and IFS object reports, and authority adoption information.


Of course, all the powerful features that previously established Compliance Monitor as the premier audit solution—consolidated reporting across partitions, compliance scorecards, scheduled collections, and powerful filtering and forensic analysis of audit journal events—are still there in Version 3.


You might think we're going to sit back and relax after all this excitement, but we feel that an investment in PowerTech solutions is an ongoing investment. We've already identified additional exciting enhancements for the entire product suite, and our development team is dedicated to maintaining the momentum.


For more information on Compliance Monitor, click here. And don't forget to check out the other products in the PowerTech line of security solutions.

as/400, os/400, iseries, system i, i5/os, ibm i, power systems, 6.1, 7.1, V7,