Hi Greg, Invite the auditor to approve a presentation at a professional conference to show the steps and consequences of such a policy.
Should this be a problem, assign the auditors full responsibility for problems due to PE'd PTFs that would otherwise have been caught using your current maintenance scheme (the 30-day requirement problems verified/tracked by the PE date), then full speed ahead. SMP/E provides us a very good audit trail. There are also those poor folks who use the system. There will probably be substantially increased downtime, sysprog/dba/app/qa (perhaps even audit/security) time for all action+ items in a 30 day cycle versus your current scheme. The 2 metrics of increased downtime & personnel costs could be evaluated Application level risk, simply due to change, is another (albeit intertwined) metric, but receives little coverage, save for the disastrous examples, such as the recent BoS fiasco). Good Luck, Peter P.S. Is this a rolling 30 days? If so, the real period for installing service is less. </ Our auditors (Feds) say we need to apply all new PTF's within 30 days of availability. I'm speechless. Does anyone have the patience to form a cogent argument without laughing, crying, or tying one on? /> ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
