Subject: | |
From: | |
Reply To: | |
Date: | Fri, 27 Aug 2004 09:03:53 +0200 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Folks,
for your amusement (?) or warning (!) here an excerpt (!) of questions the
PWC auditor want to get an answer ...
some comments have been inserted ...
A* List of all new HP3000 logons ( users ) created in 2004 - ( DISO
(=Security Organization of our customer)
call these 'accounts' which is confusing for us in the MPE world ).
R* List of all the requests for new logons to CDS2 (=application in
question) in 2004 - they should
all have the DISO 2E included (specific form to ask for logons).
A* More detailed evidence of how Passwords are maintained on the HP3000
by SEC/3000. Evidence that we know what the general DISO
policy is on passwords, and that SEC/3000 is following that policy.
All exceptions documented. Andreas, we will need more than what was in
the 'IT Takes Control for MPE' document you sent me and which I included in
the original assessment.
A* List of ALL HP users from SEC/3000. ( We originally sent a list of
just the DPC CDS2 users - she would like to see a full list ).
A* Reports from VEAUDIT/3000 - recent reports - actions taken -
evidence that we are using it.
A* The CSC Procdeure for Backups for the data centre - not just a
statement that we are following it for the HP3000.
A* Where is the off-site store for tapes ?
A* Evidence from the last 10 weekly and/or the last 3 monthly backups
for the HP3000 to prove we have done them.
A* Logs / reports from SEC/3000 that show unsuccessful logons - how
often are they checked - by who.
R* List of all Change Requests done in CDS2 for 2004
A* procedures for Change Control for HP3000 - subset of full CPMT
procedures - or full procedure if there is nothing special for the HP3000.
A/R ? * Report from Maestro of all jobs scheduled for CDS2
A/R ? * Evidence of the procedure for changing job schedules in Maestro
is being followed
R* Examples of how you are alerted of job failures by Maestro
R* The auditor has request to see these documents from the list we
provided:
CDSII Manual I
CDSII Manual II
COE / IRK (version 1.0) 11-02-1991
EUROPEAN ORDER AND INVOICE SYSTEM – USER HOW MANUAL (JUNE 80)
MPE Operating System manuals
Be prepared!
Best regards,
Andreas Schmidt
CSC Managed Services GmbH
Global Infrastructure Services, Global Processing Engineering Services
DuPont-Strasse 1, Room 1-346
D-61352 Bad Homburg
Germany
Phone: +49 (0) 6172 / 87-2117 Fax -2195 DUCOM x951-2117
eMail: [log in to unmask]
HP e3000 Intranet Information at http://web1.cscbhg.dupont.com/web/hp3000/
Unix Intranet Information at http://bhghpx12.bhg.dupont.com/
----------------------------------------------------------------------------------------
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.
----------------------------------------------------------------------------------------
:"^j+-j!܆+/܅bzb0zey?ڽ꿺yۿj!wMm
|
|
|