Tango/04's software solutions allow you to implement the internal auditing controls that you need to demonstrate your SOX compliance in record time, without the need for custom programming and with minimal resource usage. Our VISUAL Security Suite is unique in that all audit events can be managed from a central graphical console. By centralizing control of all security and operations events, you can generate business service views that reveal the real impact of any system or security event, so you can dedicate resources to solving the most critical issues first.

The Auditing Challenge Audit Controls by Tango/04 Beyond Security: a BSM approach to SOX compliance Case Study: Henry Schein Free SOX Compliance white paper. Download it now! COBIT Control Objectives

Our advanced security audit capabilities include:

Record-level data auditing SQL usage reports Object access monitoring User activity surveillance Operating System audit events Control of critical processes

click to enlarge

Audit reports can be created instantly in PDF or HTML format to demonstrate regulatory compliance. Potentially serious security events can trigger real-time alerts via email or mobile phone, to help you minimize risk.

Protect your Business Services. Comply with Regulations. Avoid Costly Penalties.

The Auditing Challenge

Congratulations! You have painstakingly developed an effective security policy, you have defined who should have access to which data and when, and you have been able to block most of your security gaps. You have emerged relatively unscathed from some tough audits, and you've achieved all of that with the same budget as last year. But it's not over yet: there is probably still a long list of items pending with areas that need tightening up, and those audits just keep getting tougher!

Auditors require that you have controls in place to ensure that your security policy is effectively implemented, both now and in the future. Regulations such as the Sarbanes-Oxley Act require that your company's executives certify the accuracy of financial reports - and that implies implementing additional controls in your applications and business processes!

Can you prove that only the accounting user group is accessing your salary files? Are you able to quickly trace data changes in your inventory file that are performed from outside your ERP application? How quickly do you know about unexpected changes to a system value or a network attribute on your iSeries?

Audit Controls by Tango/04

Designed according to industry standards for SOX implementation (CoBIT, ITIL and ISO 17799), VISUAL Security Suite provides you with a quick and simple way to deploy a wide range of internal audit controls. You can demonstrate audit compliance with easily generated reports, and identify and resolve any violations of your security policy before they impact your business.

VISUAL Security Suite uses a simple interface that greatly enhances the power and ease of use of OS/400 auditing capabilities, so you can quickly enable and optimize audit controls for:

Data changes at record level (without using triggers) Object access, e.g. read, change or delete User activity, including command line auditing User profile management: profiles created, deleted, changed Operating System changes: system values, audit configuration, etc. SQL use, both interactive and batch

click to enlarge

This allows you to implement the CoBIT controls associated with system security. However, other CoBIT controls that are relevant to SOX specify that your critical IT processes must also be controlled and monitored.

Beyond Security: A BSM Approach to SOX Compliance

Having implemented controls to gather audit data, you now have to process that data. This is where Tango/04's solution provides further innovation.

As the ultimate goal of SOX is to ensure that data processing outputs are accurate and correct, taking a Business Service Management (BSM) approach allows you to consolidate audit reports for critical processes, and to prioritize your resources to tackle the security events that most impact your business.

This is why Tango/04's security audit functionality is integrated with the VISUAL Message Center systems management solution, so you can also audit:

Critical job status (backups, batch processing) Application errors that could impact data integrity System and application availability System performance Capacity planning

click to enlarge

The SmartConsole and Reporting System allow you to generate Business Views, so that you can see the impact of any security or operational event on your critical business processes.

For example, you may have periodic processes that provide financial controllers with data to create your company's 10K and 10Q financial reports. With the BSM approach, you can monitor all the elements of that process that could potentially affect the data output: unexpected data changes, batch processing errors, untimely process completion, operating system integrity, and hardware status.

Audit information from all of these sources is consolidated into one or various graphical consoles. The SmartConsole centralizes management of all your iSeries systems and partitions, and can even integrate audit information from your Windows servers.

Case Study: Henry Schein

Henry Schein, Inc. (Nasdaq, HSIC), is a Fortune 500 distributor of healthcare products based in Melville, New York, that uses VISUAL Security Suite to implement SOX audit controls in its iSeries environment.

The IT department uses it to obtain instant reports of *SECOFR user profile activity, changes to system value and network attributes, the use of Dedicated Service Tools, and access to sensitive objects. Instant e-mail alerts are generated for any potentially suspicious activity.

Henry Schein also uses Tango/04 VISUAL Message Center to ensure the operational health of its IT infrastructure. Security, performance and operations events are controlled from the same central graphical console.