
Audit Program and Testing Procedures for AS/400 (iSeries, System i) & OS/400 (i5/OS, IBM i)



This audit program is designed to help audit, risk & security professionals facilitate the review of the AS/400 (iSeries, System i) & OS/400 (i5/OS, IBM i) control environment. It'll help you identify any inherent risks, minimize exposure to such risks, ensure that necessary controls are in place & operate effectively, and ascertain reliability of the AS/400 (iSeries, System i)/OS/400 (i5/OS, IBM i) system subject to your assessment.

This audit program is based on the latest auditing standards. It contains a comprehensive listing of control objectives and recommended controls to meet the objectives; interview topic recommendations and control documentation recommendations. The audit program also contains detailed testing procedures, rather than generic descriptions of the controls & the tests to be performed. You'll receive step-by-step instructions (commands) on extracting information from the system in support of individual control activities.

*NOTE* See below for more details. Also, use the "preview" icon to take a look inside (view a part of the audit program) to ensure it's right for you.

Audit Programs

This audit program covers all principal process areas in IT and provides a solid framework for assessing a wide array of key internal controls (56 controls) that form a foundation of a well-managed and secure AS/400 (iSeries, System i) / OS/400 (i5/OS, IBM i) environment.

Control framework overview:

Batch & Online Processing - controls to ensure that operations around scheduling (i.e. i5/OS Job Scheduler), performance, and monitoring (QSYSMSG, QSYSOPR, *MSGQ, *JOBQ, etc.) of the IT programs & processes are adequately supervised (i.e. *JOBCTL) to ensure complete, accurate, & valid processing & recording of information in AS/400 (iSeries, System i) / OS/400 (i5/OS, IBM i).

Backup and Recovery - controls to ensure that OS/400 (i5/OS, IBM i) files are appropriately included in the backup strategy and backed up (‘GO BACKUP’, ‘WRKJOBSCDE’) to ensure data remains complete, accurate, and valid.

Physical Security - controls to ensure that adequate physical security mechanisms are in place & operate effectively (access to the building & immediate surroundings of computer equipment, etc.).

Logical Security - controls to ensure that AS/400 (iSeries, System i) / OS/400 (i5/OS, IBM i) system security settings are adequately configured and appropriately safeguarded to protect against unauthorized modifications that may result in incomplete, inaccurate, or invalid processing or recording of information:
  • Password settings (QMAXSIGN, QMAXSGNACN, QPWDRQDDIF, QPWDLVL, QPWDEXPITV, etc.)
  • Profiles with special authorities (*ALLOBJ, *IOSYSCFG, *SECADM, *SERVICE, etc.)
  • Use of adopted authority
  • Access to the Operations (iSeries) Navigator
  • Assessment of the security level of the operating system (QSECURITY)
  • Access to the command line, access to critical commands/utilities on the i5/OS (OS/400)
  • Access to the resources in the OS/400 (i5/OS, IBM i) Integrated File System
  • Object level security on the OS/400 (i5/OS, IBM i)
  • Communication services (STRTCP, STRTCPSVR; *IOSYSCFG & *ALLOBJ authorities, etc.)
  • Configuration of trust relationships between systems (QRMTSIGN, etc.)
  • Security of default profiles (IBM supplied profiles, etc.)
  • Audit events (QAUDCTL, QAUDLVL, QAUDENDACN, etc.) and much more.
Change Management & Control - controls over acquisition, development or modification, and maintenance of the AS/400 (iSeries, System i) application system and OS/400 (i5/OS, IBM i) operating system software.

Everything has been conveniently pre-documented with fill-in fields for company-specific information (entity name, date, data extracted from the system, etc.) which will allow you to proceed with your assessment immediately.

Please refer to the "preview" icon above to take a look inside (view a part of the audit program) to ensure it's right for you.
 

Price: $40.00 (Instant Download)



© Copyright 2009-2012. All rights reserved.
None of the publications may be reproduced or transmitted in any form or by any means or for any purpose. Materials may be used for private study only, without warranty of any kind.