In this and other matters there is a historic distinction between leading- and trailing-edge mainframe shops.
Leading-edge mainframe shops are now much less common than they once were, probably because many mainframe shops have been marked for replacement. What can be said is that the reflexive, automatic application of all of the PTFs that IBM generates is ill-advised or worse. Some of them have in the past been incompatible and will be again; many of them are hardware-configuration and software-level dependent; some of them are controversial, implement policies unacceptable to some shops; etc., etc. For these and other, similar reasons filtering judgments that identify which PTFs to apply and which to ignore are not just desirable; they are inescapable. Taken literally, this particular recommendation is nonsense. My own experience with auditors has not, however, been that they are all clots. It has been that the more senior, partner-level men and women among them are 1) aware that simple, rigid rules are seldom helpful in complex situations and 2) open to discussion. Auditors are, legitimately, preoccupied with computer security, and some PTFs address security issues. In the current climate a formal procedure for recording a decision not to apply a PTF (and noting a supporting reason code for this decision) should be in place. Moreover, a policy that 'ages' all PTFs for, say, 60 days is at least as simple-minded as one that applies them unthinkingly. John Gilmore, Ashland, MA 01721 - USA ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
