Folks,



for your amusement (?) or warning (!) here an excerpt (!) of questions the

PWC auditor want to get an answer ...

some comments have been inserted ...



A*    List of all new HP3000 logons ( users )  created in 2004  -  ( DISO

(=Security Organization of our customer)

call these 'accounts'  which is confusing for us in the MPE world ).



R*    List of all the requests for new logons to CDS2 (=application in

question) in 2004  -  they should

all have the DISO 2E included (specific form to ask for logons).



A*    More detailed evidence of how Passwords are maintained on the HP3000

by SEC/3000.   Evidence that we know what the general DISO

policy is on passwords,  and that SEC/3000 is following that policy.

All exceptions documented.   Andreas,  we will need more than what was in

the 'IT Takes Control for MPE' document you sent me and which I included in

the original assessment.



A*    List of ALL HP users from SEC/3000.    ( We originally sent a list of

just the DPC CDS2 users  -  she would like to see a full list ).



A*    Reports from VEAUDIT/3000  -  recent reports  -  actions taken  -

evidence that we are using it.



A*    The CSC Procdeure for Backups for the data centre - not just a

statement that we are following it for the HP3000.



A*    Where is the off-site store for tapes ?



A*    Evidence from the last 10 weekly and/or the last 3 monthly backups

for the HP3000 to prove we have done them.



A*    Logs / reports from SEC/3000 that show unsuccessful logons - how

often are they checked - by who.



R*   List of all Change Requests done in CDS2 for 2004



A*   procedures for Change Control for HP3000 - subset of full CPMT

procedures - or full procedure if there is nothing special for the HP3000.



A/R ? *   Report from Maestro of all jobs scheduled for CDS2



A/R ? *   Evidence of the procedure for changing job schedules in Maestro

is being followed



R*   Examples of how you are alerted of job failures by Maestro



R*   The auditor has request to see these documents from the list we

provided:

CDSII Manual I

CDSII Manual II

COE / IRK (version 1.0)  11-02-1991

EUROPEAN ORDER AND INVOICE SYSTEM – USER HOW MANUAL (JUNE 80)

MPE Operating System manuals



Be prepared!





Best regards,

Andreas Schmidt

CSC Managed Services GmbH

Global Infrastructure Services, Global Processing Engineering Services

DuPont-Strasse 1, Room 1-346

D-61352 Bad Homburg

Germany

Phone: +49 (0) 6172 / 87-2117 Fax -2195   DUCOM x951-2117

eMail: [log in to unmask]

HP e3000 Intranet Information at http://web1.cscbhg.dupont.com/web/hp3000/

Unix Intranet Information at http://bhghpx12.bhg.dupont.com/





----------------------------------------------------------------------------------------



This is a PRIVATE message. If you are not the intended recipient, please

delete without copying and kindly advise us by e-mail of the mistake in

delivery. NOTE: Regardless of content, this e-mail shall not operate to

bind CSC to any order or other contract unless pursuant to explicit written

agreement or government initiative expressly permitting the use of e-mail

for such purpose.

----------------------------------------------------------------------------------------

���:"��^j���+-�j�!��܆+��/܅����b��z�b��0�z���ey�������?��ڽ꿺��yۿj�!����w�M���m���