As a publicly traded company with a lean IT department, C&D Technologies has been greatly impacted by Sarbanes-Oxley (SOX) regulations. Despite its size, the IT department needed to comply with these regulations through better user management, monitoring, and reporting.
C&D Technologies is a leading supplier of products for reserve power systems, electronic power supplies, and material handling systems. They use the AS/400 and System i5 platform to run their ERP system for financial data. But with only one system operations manager, plus a programmer analyst acting as a backup operator, the company wasn’t in compliance.
Audit Exposes Compliance Holes
SOX auditors insist on a separation of duties and a good paper trail, and their AS/400 audit raised a concern that the backup system operator had unlimited access and change rights to objects on the production system.
To address this concern, the IT department needed to find a solution that would enable the programmer analyst to continue working efficiently as the backup operator for the small department, while reducing the number of powerful profiles. In addition, they needed to provide the documentation and audit trail required for SOX compliance.
Finding an AS/400 Audit Tool
C&D Technologies chose Powertech Authority Broker for IBM i to meet their SOX security and reporting requirements. With Powertech Authority Broker for IBM i installed, they passed their first AS/400 SOX audit with flying colors.
"[Powertech Authority Broker for IBM i] provided the separation of duties that SOX auditors are looking for," says Jim Leonard, Director of IT Business Applications. "I receive an alert what a user swaps into a powerful profile as well as a daily report that I can print out and keep on file for my upcoming audits—auditors love a paper trail!"
Powertech Authority Broker for IBM i enabled the IT department at C&D Technologies to stay small, while still complying with regulations. Using Powertech Authority Broker for IBM i's role swap, the backup operator can still complete daily job functions efficiently. His activity is tracked and logged to a secure audit journal that cannot be modified. Management can easily review object-level changes and sign off on reports that can be kept on file for SOX auditors.
AS/400 SOX Reporting
C&D Technologies uses Powertech Authority Broker for IBM i’s flexible reporting capabilities to create daily reports for management review. "Authority Broker emails me a daily report that I keep on file for my upcoming audits," explains Leonard. And using the product’s custom alert interface, they also wrote a simple program that sends an alert to a manager’s cell phone every time a users swaps into the powerful profile.
Now that the C&D Technologies has cleared the initial hurdle of SOX compliance, they are looking into other ways to use the versatility and power of HelpSystems Security Solutions.
Lessen the risk of data loss and corruption with privileged user management software. Find out how Powertech Authority Broker for IBM i can enhance your system security.