Connecting Sarbanes to Oxley

Connecting Sarbanes to Oxley

Faye WindhorstLandauer, Inc.14th NATURAL ConferenceOctober, 2006

Background

1970

2006

VSAM

ADABAS

Background 14:02:41 ***** NATURAL LIST COMMAND ***** 2006-08-02 User FAYE - LIST Objects in a Library - Library FIXLIB Cmd Name Type S/C SM Version User ID Date Time --- ACCT*____ *__________ *__ * *______ *________ *__________ *________ __ ACCTDTFX Program S/C S 4.1.03 BENT 2005-05-19 09:48:56 __ ACCTFIX Program S/C R 3.1.04 TOMC 2002-10-30 15:20:31 __ ACCTFXDT Program S/C S 4.1.03 FAYE 2005-08-17 12:59:26 __ ACCTJKS Program S R 2.2.08 JKIE 1997-12-31 16:02:30 __ ACCTMAST Program S S 2.2.08 FAYE 1998-01-29 16:12:12 __ ACCTSEL1 Program S/C S 3.1.04 FAYE 2002-05-21 14:30:53 __ ACCTSEL2 Program S/C S 3.1.04 FAYE 2002-05-21 10:32:17 __ ACCTSEL3 Program S/C S 3.1.04 FAYE 2002-05-24 07:55:13 __ ACCTSERV Program S S 2.2.08 FAYE 1998-01-09 08:37:34 __ ACCTTEST Program S/C S 2.1.07 BENT 1992-05-14 11:37:23 10 Objects found Top of List. Command ===> Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12--- Help Print Exit Sort -- - + ++ > Canc

Background

07/30/06 ***** Landauer, Inc. ***** ISMNTP1 14:16 - File Maintenance Menu 1 - ISMNTM1 Code System/Function/Explanation

A Account Master (80) B Account Master Control Record (80) C Dosimeter (72)

D Dosimeter Component (73) E Participant Master (81) F Process Menu H Report Master (99) I N144 Etching Tray (78) J N144 Cross Reference (79) K Credit Dosimeter Return (45) L Ship Date Table (101)

Enter code: __

Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12--- help retrn main quit NxtMn flip

Background

Background

Problem

The Solution

Existing CON-STRUCTprogram

ADABASAudit table

?

The Solution

14:33:42 ***** NATURAL LIST COMMAND ***** 2006-08-02 User FAYE - List DDM ACCOUNT-MASTER-ALL - Library FIXLIB

DDM DBID 0 DDM FNR 80 VSAM Name Default Sequence Page 1 T L DB Name F Leng S D Remark - - -- -------------------------------- - ---- - - ------------------------

1 AA ACCT-NBR P 6.0 Account number 1 AB ACCT-SER-CODE A 3 Account series code 1 AC REC-DEL-IND A 1 Record deleted indicator 1 AD TERR-CODE A 1 N Account sales territory 1 AE STATE-CODE A 2 N State code. 1 AF ACCT-NAME A 23 N Account name 1 AG ACCT-LICENSEE-NAME A 16 N Account licensee name 1 AH ACCT-LICENSEE-NBR A 15 N Account licensee number 1 AI ACCT-REG-NBR A 7 N Account registration number 1 AJ ACCT-EXPOS-RPT-CPY A 2 N Account exposure report copy 1 AK ACCT-EXPOS-RPT-DUP-DEST A 1 N Account duplicate exposure report dest 1 AL ACCT-MREM-OVEXP-DEEP A 5 N Account over exposure MREM

Top of List.

The Solution


PLOG

SPATs

The Solution


READ For UPDATE Capture Before Image

Apply changes to updateview

UPDATE

Capture After Image

The Solution

User FAYE - List DDM AUDIT-LOG - Library FIXLIB DDM DBID 0 DDM FNR 139 VSAM Name Default Sequence Page 1 T L DB Name F Leng S D Remark - - -- -------------------------------- -- ---- - - ------------------------ 1 AA AUDIT-FUNC A 1 F Action or function against data 1 AB AUDIT-ACTIV A 2 F Activity effecting change 1 AC AUDIT-AUTH-CODE A 20 N 1 AD AUDIT-DATE N 8.0 N 1 AE AUDIT-PROG A 32 N 1 AF AUDIT-TIME N 7.0 N 1 AG AUDIT-USER A 32 N 1 AH AUDIT-VIEW-NAME A 32 N M 1 AJ AUDIT-IMAG A 250 Image of record being audited (30 Occur) M 1 AK AUDIT-IMAG-TWO A 250 Secondary image of record being audited (30 Occur)

The SolutionCode Frame ......... CUFMC22 SIZE 40000

Description ........ FILE MAINTENANCE CODE - MISC. SUBROUTINES FREE 88705

> > + ABS X X-Y _ S 500 L 325

....+....1....+....2....+....3....+....4....+....5....+....6....+....7.. T C

IF UPDATE-VIEW.&PRIME-PREFIX&LOG-COUNTER NE "

&PRIME-FILE.&PRIME-PREFIX&LOG-COUNTER THEN "

RESET #RECORD-DISPLAYED "

BACKOUT TRANSACTION "

USE-MSG-NR 3

REINPUT *8010 ALARM /* Intervening change, please try again "

ELSE 3

REINPUT 'Intervening change, please try again' ALARM "

RETURN-TO-CONDITION 2

END-IF "

RETURN-TO-CONDITION 1

ASSIGN #UPDATE-PERFORMED = TRUE "

* Landauer capturing before image

AUDIT-FUNC := #ACTION

AUDIT-IMAG-TYPE := 'BEFORE'

PERFORM AUDIT-PURGE-MODIFY-RTN

*

PURGE-ACTION-SELECTED 2

....+....1....+....2....+....3....+....4....+....5....+....6....+....7.. T

The Solution************************************************************************

DEFINE SUBROUTINE AUDIT-PURGE-MODIFY-RTN

************************************************************************

IF AUDIT-FUNC = 'M' THEN

AUDIT-FUNC := 'C'

END-IF

IF AUDIT-FUNC = 'P' THEN

AUDIT-FUNC := 'D'

END-IF

IF AUDIT-IMAG-TYPE = 'BEFORE' THEN /* always do this on before images

AUDIT-PROG := *PROGRAM

AUDIT-USER := *USER

AUDIT-DATE := *DATN

AUDIT-TIME := *TIMN

AUDIT-VIEW-NAME := '&PRIME-FILE'

AUDIT-Y := AUDIT-LOOP-LIMIT - 1 /* must stop on last full element

FOR AUDIT-X = 1 TO AUDIT-Y

AUDIT-IMAG (AUDIT-X) := CHUNK1 (AUDIT-X)

END-FOR /* (0200)

AUDIT-IMAG (AUDIT-X) := CHUNK1X

END-IF

The Solution

IF AUDIT-IMAG-TYPE = 'AFTER' THEN /* always do this on after images



AUDIT-IMAG-TWO (AUDIT-X) := CHUNK1 (AUDIT-X)

END-FOR

AUDIT-IMAG-TWO (AUDIT-X) := CHUNK1X

END-IF

IF AUDIT-IMAG-TYPE = 'AFTER' OR /* write audit if after image

AUDIT-IMAG-TYPE = 'BEFORE' AND /* or before image on a purge

AUDIT-FUNC = 'D' THEN

AUDIT-ACTIV := AUDIT-ACTIV-FRZ

STORE AUDIT-LOG

RESET AUDIT-LOG

AUDIT-X

AUDIT-Y

END-IF

END-SUBROUTINE /* audit-purge-modify-rtn

The Solution

************************************************************************

DEFINE SUBROUTINE AUDIT-ADD-RTN

************************************************************************

AUDIT-PROG := *PROGRAM

AUDIT-USER := *USER

AUDIT-DATE := *DATN

AUDIT-TIME := *TIMN

AUDIT-FUNC := 'A'

AUDIT-VIEW-NAME := '&PRIME-FILE'



AUDIT-IMAG-TWO (AUDIT-X) := CHUNK (AUDIT-X)

END-FOR

AUDIT-IMAG-TWO (AUDIT-X) := CHUNKX

AUDIT-ACTIV := AUDIT-ACTIV-FRZ

STORE AUDIT-LOG

RESET AUDIT-LOG

AUDIT-X

AUDIT-Y

END-SUBROUTINE /* audit-add-rtn

The Solution

* Primary file being maintained on the INPUT statement.

01 &PRIME-FILE VIEW OF &PRIME-DDM

PRIME1 U

NOT PRIME-FILE-IS-DB2 OR NOT KEY-IS-A-SUPER 1

NEXT-ACTION-SELECTED OR ADD-ACTION-SELECTED 2

* Landauer Sarbanes-oxley audit changes capture data

01 REDEFINE &PRIME-FILE

LDRAUDIT1 U

* View which gets held during updates.

01 UPDATE-VIEW VIEW OF &PRIME-DDM

PRIME2 U

LOGGING-UPDATES 1

* Landauer Sarbanes-oxley audit changes capture data

LDRAUDIT2 U

* "

* View used to store audit trail logs. "

01 &LOG-FILE VIEW OF &LOG-DDM "

Subprogram: CUFMGFIL Parameter: LOG N "

SECONDARY-FILE-USED 1

* "

* Secondary file view. "

The Solution

CSMUSEX Natural Construct

Jul 30 Maintain User Exit 1 of 1

User exit name ......... LDRAUDIT2

Code frame name ........ CUFMDA2 Conditional N

User exit required ..... X

Generate as subroutine . _

Sample subprogram ...... ________ GUI sample subprogram .. ________

Default user exit code .

01 REDEFINE UPDATE-VIEW_______________________________________________

2 CHUNK1 (A250/1:21) /* most of record - resize as needed________

2 CHUNK1X (A250) /* final segment - resize as needed_________

* Correct above values (field sizes only) to exactly match the__________

* update-view of your data. Use these sizes to adjust the audit______

* processor program when adding the routine for this view.____________

* Example: ACCOUNT-MASTER-ALL is 20 elements of A250, plus A228___________

* ..................................................................____

________________________________________________________________________

________________________________________________________________________

Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF1

help retrn

The Solution

• DEFINE EXIT LDRAUDIT1 • 2 CHUNK (A250/1:5) /* MOST OF RECORD - RESIZE AS NEEDED • 2 CHUNKX (A57) /* FINAL SEGMENT - RESIZE AS NEEDED • 1 AUDIT-LOOP-LIMIT (P5) INIT <6> /* SET TO MATCH CHUNK LIMIT+CHUNKX • * Correct above values (field + array sizes) to exactly match the • * prime-view of your data. Use these sizes to adjust the audit • * processor program when adding the routine for thie view. • * Example: ACCOUNT-SERVICES is 21 elements of A187, plus A3. • * Be sure to set correct audit-loop-limit to match array size. • * You may use a maximum of 30 occurrences as specified in the LDA.. • 1 AUDIT-ACTIV-FRZ (A2) INIT <'A '> /* Set this to the correct activity• END-EXIT

The Solution

MULTIPLE-WINDOWS

* Landauer code to pop up a window to capture authorization code

FORMAT IP=OFF

DEFINE WINDOW AUTHWIN

SIZE 4 * 25

TITLE 'Authorization Code'

FRAMED ON (CD=YE)

/* Only pop the window up if the Y has been keyed and no

/* authorization has been keyed yet.

/* 03/09/05 change - glcae

IF #CONFIRM-FLG = 'Y' AND

AUDIT-AUTH-CODE = ' ' THEN

SET KEY OFF

SET WINDOW 'AUTHWIN'

INPUT WINDOW='AUTHWIN'

AUDIT-AUTH-CODE (AD=ULAE'_')

SET WINDOW OFF

SET KEY ON

The Solution

The Solution

Define data 1 view of actual data 1 view of clone of actual data 1 view of audit detail – contains raw before & after images

READ for update copy actual data to clone call audit-capture routine - reformats clone data to fit copy screen changes to the actual data view copy actual data to clone again call audit-capture again - reformat changed clone data to fit write audit record.

The Solution


ADABASAudit table

ADABASDetailAudit table

The Solution

ADABASHistoricalAudit table

Audit-Log Audit-History

The Solution

10:45:12 ***** NATURAL LIST COMMAND ***** 2006-08-03 User FAYE - List DDM AUDIT-HISTORY - Library ISDL DDM DBID 0 DDM FNR 138 VSAM Name Default Sequence Page 1 T L DB Name F Lg S D Remark - - -- -------------------------------- - ---- - - ------------------------ 1 AA AUDIT-FUNC A 1 F Action or function a 1 AB AUDIT-ACTIV A 2 F D Activity effecting change 1 AC CUST-NBR N 6.0 Customer Number 1 AD ACCT-NBR P 6.0 Account number 1 AE SER-CODE A 3 Series Code 1 AF PART-NBR A 5 Participant number. 1 AG DOSI-SN P 7.0 N Dosimeter serial number 1 AH DOSI-SN-SUFX A 1 N Dosimeter serial suffix 1 AI GENERIC-SEARCH-DATA A 64 N D 1 AJ AUDIT-DATE N 8.0 1 AK AUDIT-PROG A 32 N 1 AL AUDIT-TIME N 7.0 N 1 AM AUDIT-AUTH-CODE A 64 N D 1 AN AUDIT-USER A 32 N D 1 AO AUDIT-VIEW-NAME A 64 N D 1 AP AUDIT-FIELD-NAME A 64 N D 1 AT AUDIT-FIELD-OCCUR N 7.0 N 1 AU AUDIT-FIELD-OCCUR-MAX N 7.0 N 1 AV AUDIT-SUB-FIELD-OCCUR N 7.0 N 1 AW AUDIT-SUB-FIELD-OCCUR-MAX N 7.0 N 1 AQ AUDIT-FIELD-DESCRIPTION A 64 N Business description M 1 AR BEFORE-IMAG A 128 N M 1 AS AFTER-IMAG A 128 N

The Solution

Audit ConverterProgram

ViewHandler Subroutine



…

The Solution

** Program: AXAUDTP0 ** Author: Faye Windhorst ** Date Written: 12/22/04 ** Description: This program is the driver for moving records from the ** Audit-Log to the Audit-History file. ** Records on the Audit-Log are unformatted and contained in ** a "chunk of data". This program performs subroutines for ** each Adabas view to format the raw audit data into a ** useable format on the Audit-History file. As records are ** processed and written to Audit-History, they are ** physically deleted from Audit-Log. ** DEFINE DATA GLOBAL USING AXAUDTG0 LOCAL USING AXJCLA1 LOCAL 01 COUNTERS 02 #READ-CTR (N7) 02 #DELETE-CTR (N7) 01 INDICES 02 #MAX-AUTH-IX(N3) INIT <100> 02 #AX-IX (N3) 02 #IX (N3) END-DEFINE

(More...)

The Solution

READAUDT.READ AUDIT-LOG BY ISNADD 1 TO #READ-CTR DECIDE FOR FIRST CONDITION WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'ACCOUNT-CONTRACT-INFO' PERFORM AXACONS0-ACCOUNT-CONTRACT-INFO WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'ACCOUNT-CONTRACT-PO-INFO' PERFORM AXACPOS0-ACCOUNT-CONTRACT-PO-INFO WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'ACCOUNT-MASTER-ALL' DECIDE ON FIRST AUDIT-LOG.AUDIT-PROG VALUES 'ISACCTP1', 'ISCNUPP1' PERFORM AXAMALS4-ACCOUNT-MASTER-ACCT* INCLUDES AXAMALS5, AXAMALS6 & AXAMALS7 VALUE 'ISADDRP1' PERFORM AXAMALS8-ACCOUNT-MASTER-ADDRESS NONE PERFORM AXAMALS0-ACCOUNT-MASTER-ALL* INCLUDES AXAMALS1, AXAMALS2 & AXAMALS3 END-DECIDE WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'ACCOUNT-MASTER-CTL' PERFORM AXAMCTS0-ACCOUNT-MASTER-CTL

(MORE…)

WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'STATE-CODE-TABLE' PERFORM AXCTSTS0-STATE-CODE-TABLE WHEN ANY IF AUDIT-ET-CTR > 0 ADD 1 TO #DELETE-CTR DELETE (READAUDT.) END TRANSACTION RESET AUDIT-ET-CTR*(MORE…)

The Solution* IF AUDIT-LOG.AUDIT-AUTH-CODE = MASK (999999'-'999999) OR AUDIT-LOG.AUDIT-AUTH-CODE = MASK ('F'999999'-'999999) OR AUDIT-LOG.AUDIT-AUTH-CODE = MASK ('S'999999'-'999999) OR AUDIT-LOG.AUDIT-AUTH-CODE = MASK ('UK OFFICE'...........) EXAMINE AXJCLA1.#AUDIT-AUTH-ARRAY(*) FOR AUDIT-LOG.AUDIT-AUTH-CODE GIVING INDEX #IX IF #IX = 0 #AX-IX := #AX-IX + 1 AXJCLA1.#AUDIT-AUTH-ARRAY (#AX-IX) := AUDIT-LOG.AUDIT-AUTH-CODE END-IF** if the auth-code-array is full - stop processing and* get the remaining audit-log records on the next pass* IF #AX-IX = #MAX-AUTH-IX ESCAPE BOTTOM END-IF END-IF* END-IF WHEN NONE WRITE 'No audit subroutine for ' AUDIT-LOG.AUDIT-VIEW-NAME '.' END-DECIDE *END-READ *IF #AX-IX > 0 AXJCLA1.#NAT-LIBRARY := 'ISDL' AXJCLA1.#NAT-SOURCE-NAME := 'AXAHJCC1' AXJCLA1.#AUDIT-ARRAY-IX := #AX-IX CALLNAT 'AXJCLN1' AXJCLA1END-IF*WRITE 15T 'RECORDS READ ' #READ-CTR (EM=Z,ZZZ,ZZ9)/ 15T 'RECORDS DELETED' #DELETE-CTR (EM=Z,ZZZ,ZZ9)/// 15T ' *** END OF REPORT *** 'END

The Solution** MODULE NAME: AXAMALS3** AUTHOR: FAYE WINDHORST** DATE WRITTEN: 12-27-04** DESCRIPTION: THIS SUBROUTINE IS PERFORMED AS PART OF AXAUDTP0 TO FORMAT ** ACCOUNT-MASTER-ALL AUDIT DATA FROM AUDIT-LOG INTO A USEABLE** FORMAT ON AUDIT-HISTORY**DEFINE DATAGLOBAL USING AXAUDTG0 /* AUDIT-LOGLOCAL USING FXSDELA0 /* SYSDIC-EL (PREDICT FIELD NAME DESCR)LOCAL USING FXAUDHA0 /* AUDIT-HISTORYLOCAL01 ACTMST-ALL-BEFORE 02 ACCT-NBR (P6) 02 ACCT-SER-CODE (A3) 02 REC-DEL-IND (A1) 02 TERR-CODE (A1) 02 STATE-CODE (A2) 02 ACCT-NAME (A23) (MORE...)01 REDEFINE ACTMST-ALL-BEFORE 02 BEFORE-CHUNK (A250/1:20) 02 BEFORE-CHUNKX (A228)*01 ACTMST-ALL-AFTER 02 ACCT-NBR (P6) 02 ACCT-SER-CODE (A3) 02 REC-DEL-IND (A1) 02 TERR-CODE (A1) 02 STATE-CODE (A2) 02 ACCT-NAME (A23) (MORE...)01 REDEFINE ACTMST-ALL-AFTER 02 AFTER-CHUNK (A250/1:20) 02 AFTER-CHUNKX (A228)END-DEFINE

The SolutionDEFINE SUBROUTINE AXAMALS3-ACCOUNT-MASTER-BEFORE-AFTER* -------------------------------------------------------------------------------------------------** AUDIT-IMAG = BEFORE IMAGE** AUDIT-IMAG-TWO = AFTER IMAGE** MOVE FROM AUDIT FILE INTO VIEW LAYOUTS**BEFORE-CHUNK (1:20) := AUDIT-IMAG(1:20)BEFORE-CHUNKX := AUDIT-IMAG(21)AFTER-CHUNK (1:20) := AUDIT-IMAG-TWO(1:20)AFTER-CHUNKX := AUDIT-IMAG-TWO(21)RESET FXAUDHA0MOVE BY NAME AUDIT-LOG TO FXAUDHA0-RECORDFXAUDHA0.ACCT-NBR := ACTMST-ALL-BEFORE.ACCT-NBRFXAUDHA0.SER-CODE := ACTMST-ALL-BEFORE.ACCT-SER-CODEFXAUDHA0.CUST-NBR := ACTMST-ALL-BEFORE.CUST-NBRDECIDE FOR EVERY CONDITIONWHEN ACTMST-ALL-BEFORE.TERR-CODE NE ACTMST-ALL-AFTER.TERR-CODE MOVE 'TERR-CODE' TO FXAUDHA0.AUDIT-FIELD-NAME PERFORM LOOKUP-FIELD-DESCRIPTION MOVE ACTMST-ALL-BEFORE.TERR-CODE TO FXAUDHA0.BEFORE-IMAG (1) MOVE ACTMST-ALL-AFTER.TERR-CODE TO FXAUDHA0.AFTER-IMAG (1) PERFORM STORE-AUDIT-HISTORY-RECORDWHEN ACTMST-ALL-BEFORE.STATE-CODE NE ACTMST-ALL-AFTER.STATE-CODE MOVE 'STATE-CODE' TO FXAUDHA0.AUDIT-FIELD-NAME PERFORM LOOKUP-FIELD-DESCRIPTION MOVE ACTMST-ALL-BEFORE.STATE-CODE TO FXAUDHA0.BEFORE-IMAG (1) MOVE ACTMST-ALL-AFTER.STATE-CODE TO FXAUDHA0.AFTER-IMAG (1) PERFORM STORE-AUDIT-HISTORY-RECORDWHEN ACTMST-ALL-BEFORE.ACCT-NAME NE ACTMST-ALL-AFTER.ACCT-NAME MOVE 'ACCT-NAME' TO FXAUDHA0.AUDIT-FIELD-NAME PERFORM LOOKUP-FIELD-DESCRIPTION MOVE ACTMST-ALL-BEFORE.ACCT-NAME TO FXAUDHA0.BEFORE-IMAG (1) MOVE ACTMST-ALL-AFTER.ACCT-NAME TO FXAUDHA0.AFTER-IMAG (1) PERFORM STORE-AUDIT-HISTORY-RECORD (MORE...)WHEN NONE IGNOREEND-DECIDE

And finally…

And finally…

Faye WindhorstLandauer, Inc.14th NATURAL ConferenceOctober, 2006

Questions???

Connecting Sarbanes to Oxley

Documents

Connecting Sarbanes to Oxley