Today’s security requirements can overwhelm even the most organized IT department. Payment Card Industry (PCI), General Data Protection Regulation (GDPR), and Sarbanes-Oxley (SOX) auditors demand proof of compliance on critical systems. Compliance Monitor™ eases the burden of compliance, letting programmers, analysts, and system managers focus on projects that drive your business forward.
Simplified Audit Reporting
Compliance Monitor gathers a broad set of audit and security data from your Power Systems™ running IBM i. Its easy-to-use web interface lets you select, run, and view the reports you want to see, including:
- System Values
- User Profiles
- Object Authorities
- Security Audit Journal (QAUDJRN) log data
- HelpSystems Network Security Log Data (FTP, ODBC)
- HelpSystems Authority Broker Log Data (privileged users)
All report types can consolidate data from multiple systems into single reports to make it easier to review reports and compare systems.
SOX and PCI Compliance
Compliance Monitor includes recommended sets of compliance reports and explains IBM i concepts for auditors and security staff. An interactive Compliance Guide maps security issues to common industry frameworks and standards, such as:
- PCI DSS
- ISO 27002 (17799)
- NIST Special Publication 800-53
Document your organization's efforts to comply with the General Data Protection Regulation (GDPR). Compliance Monitor includes a set of reports designed for this law's requirements.
Gaming (MICS) Reporting
Compliance Monitor provides a set of reports designed to help you meet Minimum Internal Control Standards (MICS) gaming compliance reporting guidelines.
Compliance Monitor lets you define and display just the information you need. Flexible filters allow you to generate the reports that you and your auditors want (including SQL queries) at a lower cost than developing and writing custom code.
“Compliance Monitor handles all our reporting requirements, and being able to design, test, and use our own reports is great. We use it to specify our own security policy and cross check against it automatically—that's the great feature that really makes sense.” –Paul Ballew Data Processing Incorporated Sr. Vice President and IT Manager
You can decrease report review time dramatically by showing only exceptions to policy. The default policy included with Compliance Monitor is based on HelpSystems-recommended best practices. You can easily create customized policies for your organization, or for each system.
PDF, Excel, and CSV Export
You can export Compliance Monitor reports to Adobe PDF, Microsoft Excel, or comma-separated value (CSV) formats.
Compressed Audit Journal Storage
With Compliance Monitor’s innovative log aggregation architecture, audit journal data is stored compressed (up to 95%) on a central consolidator system. You can store months of audit records without using extra disk space. For example, you can effectively monitor all 74 IBM-type T events from QAUDJRN, including common events, such as:
- Object changes, reads, creations, deletions
- User profile changes
- Commands used
- User and password login failures
- System value changes
Schedule your assessments to run at regular times and distribute the reports to selected recipients automatically
By arranging systems in logical groups, you can launch assessments of multiple servers with one command.
Management can track compliance status for each system using a one-page scorecard view with numerical ratings.