"Tango/04 gave us visibility and proactivity"
Comply with SOX Easily - And Prove It!
Tango/04's software solutions allow you to implement the internal auditing controls that you need to demonstrate your SOX compliance in record time, without the need for custom programming and with minimal resource usage.
VISUAL Message Center is unique in that all audit events can be managed from a central graphical console. By centralizing control of all security and operations events, you can generate business service views that reveal the real impact of any system or security event, so you can dedicate resources to solving the most critical issues first.
Our advanced security audit capabilities include:
- Record-level data auditing
- SQL usage reports
- Object access monitoring
- User activity surveillance
- Operating System audit events
- Control of critical processes
Audit reports can be created instantly in PDF or HTML format to demonstrate regulatory compliance. Potentially serious security events can trigger real-time alerts via email or mobile phone, to help you minimize risk.
Protect your Business Services. Comply with Regulations. Avoid Costly Penalties.
The Auditing Challenge
Congratulations! You have painstakingly developed an effective security policy, you have defined who should have access to which data and when, and you have been able to block most of your security gaps. You have emerged relatively unscathed from some tough audits, and you've achieved all of that with the same budget as last year. But it's not over yet: there is probably still a long list of items pending with areas that need tightening up, and those audits just keep getting tougher!
Auditors require that you have controls in place to ensure that your security policy is effectively implemented, both now and in the future. Regulations such as the Sarbanes-Oxley Act require that your company's executives certify the accuracy of financial reports - and that implies implementing additional controls in your applications and business processes!
Can you prove that only the accounting user group is accessing your salary files? Are you able to quickly trace data changes in your inventory file that are performed from outside your ERP application? How quickly do you know about unexpected changes to a system value or a network attribute on your iSeries?
Audit Controls by Tango/04
Designed according to industry standards for SOX implementation (CoBIT, ITIL and ISO 17799), VISUAL Message Center provides you with a quick and simple way to deploy a wide range of internal audit controls. You can demonstrate audit compliance with easily generated reports, and identify and resolve any violations of your security policy before they impact your business.
VISUAL Message Center uses a simple interface that greatly enhances the power and ease of use of OS/400 auditing capabilities, so you can quickly enable and optimize audit controls for:
- Data changes at record level (without using triggers)
- Object access, e.g. read, change or delete
- User activity, including command line auditing
- User profile management: profiles created, deleted, changed
- Operating System changes: system values, audit configuration, etc.
- SQL use, both interactive and batch
This allows you to implement the CoBIT controls associated with system security. However, other CoBIT controls that are relevant to SOX specify that your critical IT processes must also be controlled and monitored.
Beyond Security: A BSM Approach to SOX Compliance
Having implemented controls to gather audit data, you now have to process that data. This is where Tango/04's solution provides further innovation.
As the ultimate goal of SOX is to ensure that data processing outputs are accurate and correct, taking a Business Service Management (BSM) approach allows you to consolidate audit reports for critical processes, and to prioritize your resources to tackle the security events that most impact your business.
This is why Tango/04's security audit functionality is integrated with the VISUAL Message Center systems management solution, so you can also audit:
- Critical job status (backups, batch processing)
- Application errors that could impact data integrity
- System and application availability
- System performance
- Capacity planning
For example, you may have periodic processes that provide financial controllers with data to create your company's 10K and 10Q financial reports. With the BSM approach, you can monitor all the elements of that process that could potentially affect the data output: unexpected data changes, batch processing errors, untimely process completion, operating system integrity, and hardware status.
Audit information from all of these sources is consolidated into one or various graphical consoles. The SmartConsole centralizes management of all your iSeries systems and partitions, and can even integrate audit information from your Windows servers.