First you have to define what unapproved means: 1. Is it a program that a programmer wrote 'just for the fun of it' 2. A third party freeware package from the cbttape or other source - I would assume that is what they want. 3. An ISV product.
If the 'unapproved' software requires APF authorization, then locking down the mechanisms to get APF authorization should go a long way. Other software can be effectively hidden in user load libraries. If you know what you're doing, it's not that difficult. Gadi -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Greg Dorner Sent: Wednesday, September 05, 2012 3:22 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Preventing the installation of "unapproved" software Man, the auditors came up with a new one! "Gap noted. Automated controls to prevent the installation of unapproved software were not documented." So I have been assigned the task of researching how to provide "Automated controls to prevent the installation of unapproved software". I'm hoping someone on the list has a clue to what could possibly do this. My brain already hurts thinking about it. Just thinking logically with my limited intellect tells me doing this is somewhat close to impossible. Any thoughts? I also accept rants and expletives. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN לשימת לבך, בהתאם לנהלי החברה וזכויות החתימה בה, כל הצעה, התחייבות או מצג מטעם החברה, מחייבים מסמך נפרד וחתום על ידי מורשי החתימה של החברה, הנושא את לוגו החברה או שמה המודפס ובצירוף חותמת החברה. בהעדר מסמך כאמור (לרבות מסמך סרוק) המצורף להודעת דואר אלקטרוני זאת, אין לראות באמור בהודעה אלא משום טיוטה לדיון, ואין להסתמך עליה לביצוע פעולה עסקית או משפטית כלשהי. Please note that in accordance with Malam's signatory rights, no offer, agreement, concession or representation is binding on the company, unless accompanied by a duly signed separate document (or a scanned version thereof), affixed with the company's seal. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
