Connecting Sarbanes to Oxley
Faye Windhorst, Landauer, Inc.
14th NATURAL Conference, October, 2006
Background
1970
2006
VSAM
ADABAS
Background
14:02:41          ***** NATURAL LIST COMMAND *****          2006-08-02
User FAYE         - LIST Objects in a Library -         Library FIXLIB
Cmd Name      Type        S/C SM Version User ID   Date       Time
--- ACCT*____ *__________ *__ *  *______ *________ *__________ *________
 __ ACCTDTFX  Program     S/C S  4.1.03  BENT      2005-05-19 09:48:56
 __ ACCTFIX   Program     S/C R  3.1.04  TOMC      2002-10-30 15:20:31
 __ ACCTFXDT  Program     S/C S  4.1.03  FAYE      2005-08-17 12:59:26
 __ ACCTJKS   Program     S   R  2.2.08  JKIE      1997-12-31 16:02:30
 __ ACCTMAST  Program     S   S  2.2.08  FAYE      1998-01-29 16:12:12
 __ ACCTSEL1  Program     S/C S  3.1.04  FAYE      2002-05-21 14:30:53
 __ ACCTSEL2  Program     S/C S  3.1.04  FAYE      2002-05-21 10:32:17
 __ ACCTSEL3  Program     S/C S  3.1.04  FAYE      2002-05-24 07:55:13
 __ ACCTSERV  Program     S   S  2.2.08  FAYE      1998-01-09 08:37:34
 __ ACCTTEST  Program     S/C S  2.1.07  BENT      1992-05-14 11:37:23
10 Objects found                                           Top of List.
Command ===>
Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12---
      Help  Print Exit  Sort        --    -     +     ++          >     Canc
Background
07/30/06             ***** Landauer, Inc. *****             ISMNTP1
14:16               - File Maintenance Menu 1 -             ISMNTM1
Code  System/Function/Explanation
 A    Account Master (80)
 B    Account Master Control Record (80)
 C    Dosimeter (72)
 D    Dosimeter Component (73)
 E    Participant Master (81)
 F    Process Menu
 H    Report Master (99)
 I    N144 Etching Tray (78)
 J    N144 Cross Reference (79)
 K    Credit Dosimeter Return (45)
 L    Ship Date Table (101)
Enter code: __
Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF12---
      help  retrn main  quit  NxtMn flip
Background
Background
Problem
The Solution
Existing CONSTRUCT program
ADABAS Audit table
?
The Solution
14:33:42          ***** NATURAL LIST COMMAND *****          2006-08-02
User FAYE       - List DDM ACCOUNT-MASTER-ALL -        Library FIXLIB
DDM DBID 0   DDM FNR 80   VSAM Name   Default Sequence   Page 1
T L DB Name                             F Leng S D Remark
- - -- -------------------------------- - ---- - - ------------------------
  1 AA ACCT-NBR                         P  6.0     Account number
  1 AB ACCT-SER-CODE                    A    3     Account series code
  1 AC REC-DEL-IND                      A    1     Record deleted indicator
  1 AD TERR-CODE                        A    1 N   Account sales territory
  1 AE STATE-CODE                       A    2 N   State code.
  1 AF ACCT-NAME                        A   23 N   Account name
  1 AG ACCT-LICENSEE-NAME               A   16 N   Account licensee name
  1 AH ACCT-LICENSEE-NBR                A   15 N   Account licensee number
  1 AI ACCT-REG-NBR                     A    7 N   Account registration number
  1 AJ ACCT-EXPOS-RPT-CPY               A    2 N   Account exposure report copy
  1 AK ACCT-EXPOS-RPT-DUP-DEST          A    1 N   Account duplicate exposure report dest
  1 AL ACCT-MREM-OVEXP-DEEP             A    5 N   Account over exposure MREM
Top of List.
The Solution
Existing CONSTRUCT program
PLOG
SPATs
The Solution
Existing CONSTRUCT program
READ for UPDATE
Capture Before Image
Apply changes to update view
UPDATE
Capture After Image
The Solution
User FAYE            - List DDM AUDIT-LOG -            Library FIXLIB
DDM DBID 0   DDM FNR 139   VSAM Name   Default Sequence   Page 1
T L DB Name                             F Leng S D Remark
- - -- -------------------------------- - ---- - - ------------------------
  1 AA AUDIT-FUNC                       A    1 F   Action or function against data
  1 AB AUDIT-ACTIV                      A    2 F   Activity effecting change
  1 AC AUDIT-AUTH-CODE                  A   20 N
  1 AD AUDIT-DATE                       N  8.0 N
  1 AE AUDIT-PROG                       A   32 N
  1 AF AUDIT-TIME                       N  7.0 N
  1 AG AUDIT-USER                       A   32 N
  1 AH AUDIT-VIEW-NAME                  A   32 N
M 1 AJ AUDIT-IMAG                       A  250     Image of record being audited (30 Occur)
M 1 AK AUDIT-IMAG-TWO                   A  250     Secondary image of record being audited (30 Occur)
The Solution
Code Frame ......... CUFMC22 SIZE 40000
Description ........ FILE MAINTENANCE CODE - MISC. SUBROUTINES FREE 88705
> > + ABS X X-Y _ S 500 L 325
....+....1....+....2....+....3....+....4....+....5....+....6....+....7.. T C
IF UPDATE-VIEW.&PRIME-PREFIX&LOG-COUNTER NE "
&PRIME-FILE.&PRIME-PREFIX&LOG-COUNTER THEN "
RESET #RECORD-DISPLAYED "
BACKOUT TRANSACTION "
USE-MSG-NR 3
REINPUT *8010 ALARM /* Intervening change, please try again "
ELSE 3
REINPUT 'Intervening change, please try again' ALARM "
RETURN-TO-CONDITION 2
END-IF "
RETURN-TO-CONDITION 1
ASSIGN #UPDATE-PERFORMED = TRUE "
* Landauer capturing before image
AUDIT-FUNC := #ACTION
AUDIT-IMAG-TYPE := 'BEFORE'
PERFORM AUDIT-PURGE-MODIFY-RTN
*
PURGE-ACTION-SELECTED 2
....+....1....+....2....+....3....+....4....+....5....+....6....+....7.. T
The Solution
************************************************************************
DEFINE SUBROUTINE AUDIT-PURGE-MODIFY-RTN
************************************************************************
IF AUDIT-FUNC = 'M' THEN
  AUDIT-FUNC := 'C'
END-IF
IF AUDIT-FUNC = 'P' THEN
  AUDIT-FUNC := 'D'
END-IF
IF AUDIT-IMAG-TYPE = 'BEFORE' THEN /* always do this on before images
  AUDIT-PROG := *PROGRAM
  AUDIT-USER := *USER
  AUDIT-DATE := *DATN
  AUDIT-TIME := *TIMN
  AUDIT-VIEW-NAME := '&PRIME-FILE'
  AUDIT-Y := AUDIT-LOOP-LIMIT - 1 /* must stop on last full element
  FOR AUDIT-X = 1 TO AUDIT-Y
    AUDIT-IMAG (AUDIT-X) := CHUNK1 (AUDIT-X)
  END-FOR /* (0200)
  AUDIT-IMAG (AUDIT-X) := CHUNK1X
END-IF
The Solution
IF AUDIT-IMAG-TYPE = 'AFTER' THEN /* always do this on after images
  AUDIT-Y := AUDIT-LOOP-LIMIT - 1 /* must stop on last full element
  FOR AUDIT-X = 1 TO AUDIT-Y
    AUDIT-IMAG-TWO (AUDIT-X) := CHUNK1 (AUDIT-X)
  END-FOR
  AUDIT-IMAG-TWO (AUDIT-X) := CHUNK1X
END-IF
IF AUDIT-IMAG-TYPE = 'AFTER' OR /* write audit if after image
   AUDIT-IMAG-TYPE = 'BEFORE' AND /* or before image on a purge
   AUDIT-FUNC = 'D' THEN
  AUDIT-ACTIV := AUDIT-ACTIV-FRZ
  STORE AUDIT-LOG
  RESET AUDIT-LOG
        AUDIT-X
        AUDIT-Y
END-IF
END-SUBROUTINE /* audit-purge-modify-rtn
The Solution
************************************************************************
DEFINE SUBROUTINE AUDIT-ADD-RTN
************************************************************************
AUDIT-PROG := *PROGRAM
AUDIT-USER := *USER
AUDIT-DATE := *DATN
AUDIT-TIME := *TIMN
AUDIT-FUNC := 'A'
AUDIT-VIEW-NAME := '&PRIME-FILE'
AUDIT-Y := AUDIT-LOOP-LIMIT - 1 /* must stop on last full element
FOR AUDIT-X = 1 TO AUDIT-Y
  AUDIT-IMAG-TWO (AUDIT-X) := CHUNK (AUDIT-X)
END-FOR
AUDIT-IMAG-TWO (AUDIT-X) := CHUNKX
AUDIT-ACTIV := AUDIT-ACTIV-FRZ
STORE AUDIT-LOG
RESET AUDIT-LOG
      AUDIT-X
      AUDIT-Y
END-SUBROUTINE /* audit-add-rtn
The Solution
* Primary file being maintained on the INPUT statement.
01 &PRIME-FILE VIEW OF &PRIME-DDM
PRIME1 U
NOT PRIME-FILE-IS-DB2 OR NOT KEY-IS-A-SUPER 1
NEXT-ACTION-SELECTED OR ADD-ACTION-SELECTED 2
* Landauer Sarbanes-oxley audit changes capture data
01 REDEFINE &PRIME-FILE
LDRAUDIT1 U
* View which gets held during updates.
01 UPDATE-VIEW VIEW OF &PRIME-DDM
PRIME2 U
LOGGING-UPDATES 1
* Landauer Sarbanes-oxley audit changes capture data
LDRAUDIT2 U
* "
* View used to store audit trail logs. "
01 &LOG-FILE VIEW OF &LOG-DDM "
Subprogram: CUFMGFIL Parameter: LOG N "
SECONDARY-FILE-USED 1
* "
* Secondary file view. "
The Solution
CSMUSEX Natural Construct
Jul 30 Maintain User Exit 1 of 1
User exit name ......... LDRAUDIT2
Code frame name ........ CUFMDA2 Conditional N
User exit required ..... X
Generate as subroutine . _
Sample subprogram ...... ________ GUI sample subprogram .. ________
Default user exit code .
01 REDEFINE UPDATE-VIEW_______________________________________________
2 CHUNK1 (A250/1:21) /* most of record - resize as needed________
2 CHUNK1X (A250) /* final segment - resize as needed_________
* Correct above values (field sizes only) to exactly match the__________
* update-view of your data. Use these sizes to adjust the audit______
* processor program when adding the routine for this view.____________
* Example: ACCOUNT-MASTER-ALL is 20 elements of A250, plus A228___________
* ..................................................................____
________________________________________________________________________
________________________________________________________________________
Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10--PF11--PF1
help retrn
The Solution
DEFINE EXIT LDRAUDIT1
2 CHUNK (A250/1:5) /* MOST OF RECORD - RESIZE AS NEEDED
2 CHUNKX (A57) /* FINAL SEGMENT - RESIZE AS NEEDED
1 AUDIT-LOOP-LIMIT (P5) INIT <6> /* SET TO MATCH CHUNK LIMIT+CHUNKX
* Correct above values (field + array sizes) to exactly match the
* prime-view of your data. Use these sizes to adjust the audit
* processor program when adding the routine for this view.
* Example: ACCOUNT-SERVICES is 21 elements of A187, plus A3.
* Be sure to set correct audit-loop-limit to match array size.
* You may use a maximum of 30 occurrences as specified in the LDA.
1 AUDIT-ACTIV-FRZ (A2) INIT <'A '> /* Set this to the correct activity
END-EXIT
The Solution
MULTIPLE-WINDOWS
* Landauer code to pop up a window to capture authorization code
FORMAT IP=OFF
DEFINE WINDOW AUTHWIN
  SIZE 4 * 25
  TITLE 'Authorization Code'
  FRAMED ON (CD=YE)
/* Only pop the window up if the Y has been keyed and no
/* authorization has been keyed yet.
/* 03/09/05 change - glcae
IF #CONFIRM-FLG = 'Y' AND
   AUDIT-AUTH-CODE = ' ' THEN
  SET KEY OFF
  SET WINDOW 'AUTHWIN'
  INPUT WINDOW='AUTHWIN'
    AUDIT-AUTH-CODE (AD=ULAE'_')
  SET WINDOW OFF
  SET KEY ON
The Solution
The Solution
Define data
  1 view of actual data
  1 view of clone of actual data
  1 view of audit detail – contains raw before & after images
READ for update
  copy actual data to clone
  call audit-capture routine - reformats clone data to fit
  copy screen changes to the actual data view
  copy actual data to clone again
  call audit-capture again - reformat changed clone data to fit
  write audit record.
The Solution
Existing CONSTRUCT program
ADABAS Audit table
ADABAS Detail Audit table
The Solution
ADABAS Historical Audit table
Audit-Log Audit-History
The Solution
10:45:12          ***** NATURAL LIST COMMAND *****          2006-08-03
User FAYE          - List DDM AUDIT-HISTORY -          Library ISDL
DDM DBID 0   DDM FNR 138   VSAM Name   Default Sequence   Page 1
T L DB Name                             F   Lg S D Remark
- - -- -------------------------------- - ---- - - ------------------------
  1 AA AUDIT-FUNC                       A    1 F   Action or function a
  1 AB AUDIT-ACTIV                      A    2 F D Activity effecting change
  1 AC CUST-NBR                         N  6.0     Customer Number
  1 AD ACCT-NBR                         P  6.0     Account number
  1 AE SER-CODE                         A    3     Series Code
  1 AF PART-NBR                         A    5     Participant number.
  1 AG DOSI-SN                          P  7.0 N   Dosimeter serial number
  1 AH DOSI-SN-SUFX                     A    1 N   Dosimeter serial suffix
  1 AI GENERIC-SEARCH-DATA              A   64 N D
  1 AJ AUDIT-DATE                       N  8.0
  1 AK AUDIT-PROG                       A   32 N
  1 AL AUDIT-TIME                       N  7.0 N
  1 AM AUDIT-AUTH-CODE                  A   64 N D
  1 AN AUDIT-USER                       A   32 N D
  1 AO AUDIT-VIEW-NAME                  A   64 N D
  1 AP AUDIT-FIELD-NAME                 A   64 N D
  1 AT AUDIT-FIELD-OCCUR                N  7.0 N
  1 AU AUDIT-FIELD-OCCUR-MAX            N  7.0 N
  1 AV AUDIT-SUB-FIELD-OCCUR            N  7.0 N
  1 AW AUDIT-SUB-FIELD-OCCUR-MAX        N  7.0 N
  1 AQ AUDIT-FIELD-DESCRIPTION          A   64 N   Business description
M 1 AR BEFORE-IMAG                      A  128 N
M 1 AS AFTER-IMAG                       A  128 N
The Solution
Audit Converter Program
View Handler Subroutine
View Handler Subroutine
View Handler Subroutine
…
The Solution
** Program: AXAUDTP0
** Author: Faye Windhorst
** Date Written: 12/22/04
** Description: This program is the driver for moving records from the
** Audit-Log to the Audit-History file.
** Records on the Audit-Log are unformatted and contained in
** a "chunk of data". This program performs subroutines for
** each Adabas view to format the raw audit data into a
** useable format on the Audit-History file. As records are
** processed and written to Audit-History, they are
** physically deleted from Audit-Log.
**
DEFINE DATA
GLOBAL USING AXAUDTG0
LOCAL USING AXJCLA1
LOCAL
01 COUNTERS
  02 #READ-CTR (N7)
  02 #DELETE-CTR (N7)
01 INDICES
  02 #MAX-AUTH-IX(N3) INIT <100>
  02 #AX-IX (N3)
  02 #IX (N3)
END-DEFINE
(More...)
The Solution
READAUDT. READ AUDIT-LOG BY ISN
  ADD 1 TO #READ-CTR
  DECIDE FOR FIRST CONDITION
    WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'ACCOUNT-CONTRACT-INFO'
      PERFORM AXACONS0-ACCOUNT-CONTRACT-INFO
    WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'ACCOUNT-CONTRACT-PO-INFO'
      PERFORM AXACPOS0-ACCOUNT-CONTRACT-PO-INFO
    WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'ACCOUNT-MASTER-ALL'
      DECIDE ON FIRST AUDIT-LOG.AUDIT-PROG
        VALUES 'ISACCTP1', 'ISCNUPP1'
          PERFORM AXAMALS4-ACCOUNT-MASTER-ACCT
* INCLUDES AXAMALS5, AXAMALS6 & AXAMALS7
        VALUE 'ISADDRP1'
          PERFORM AXAMALS8-ACCOUNT-MASTER-ADDRESS
        NONE
          PERFORM AXAMALS0-ACCOUNT-MASTER-ALL
* INCLUDES AXAMALS1, AXAMALS2 & AXAMALS3
      END-DECIDE
    WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'ACCOUNT-MASTER-CTL'
      PERFORM AXAMCTS0-ACCOUNT-MASTER-CTL
(MORE…)
    WHEN AUDIT-LOG.AUDIT-VIEW-NAME = 'STATE-CODE-TABLE'
      PERFORM AXCTSTS0-STATE-CODE-TABLE
    WHEN ANY
      IF AUDIT-ET-CTR > 0
        ADD 1 TO #DELETE-CTR
        DELETE (READAUDT.)
        END TRANSACTION
        RESET AUDIT-ET-CTR
*
(MORE…)
The Solution
*
        IF AUDIT-LOG.AUDIT-AUTH-CODE = MASK (999999'-'999999) OR
           AUDIT-LOG.AUDIT-AUTH-CODE = MASK ('F'999999'-'999999) OR
           AUDIT-LOG.AUDIT-AUTH-CODE = MASK ('S'999999'-'999999) OR
           AUDIT-LOG.AUDIT-AUTH-CODE = MASK ('UK OFFICE'...........)
          EXAMINE AXJCLA1.#AUDIT-AUTH-ARRAY(*) FOR AUDIT-LOG.AUDIT-AUTH-CODE
            GIVING INDEX #IX
          IF #IX = 0
            #AX-IX := #AX-IX + 1
            AXJCLA1.#AUDIT-AUTH-ARRAY (#AX-IX) := AUDIT-LOG.AUDIT-AUTH-CODE
          END-IF
*
* if the auth-code-array is full - stop processing and
* get the remaining audit-log records on the next pass
*
          IF #AX-IX = #MAX-AUTH-IX
            ESCAPE BOTTOM
          END-IF
        END-IF
*
      END-IF
    WHEN NONE
      WRITE 'No audit subroutine for ' AUDIT-LOG.AUDIT-VIEW-NAME '.'
  END-DECIDE
*
END-READ
*
IF #AX-IX > 0
  AXJCLA1.#NAT-LIBRARY := 'ISDL'
  AXJCLA1.#NAT-SOURCE-NAME := 'AXAHJCC1'
  AXJCLA1.#AUDIT-ARRAY-IX := #AX-IX
  CALLNAT 'AXJCLN1' AXJCLA1
END-IF
*
WRITE 15T 'RECORDS READ ' #READ-CTR (EM=Z,ZZZ,ZZ9)/
      15T 'RECORDS DELETED' #DELETE-CTR (EM=Z,ZZZ,ZZ9)///
      15T ' *** END OF REPORT *** '
END
The Solution
** MODULE NAME: AXAMALS3
** AUTHOR: FAYE WINDHORST
** DATE WRITTEN: 12-27-04
** DESCRIPTION: THIS SUBROUTINE IS PERFORMED AS PART OF AXAUDTP0 TO FORMAT
** ACCOUNT-MASTER-ALL AUDIT DATA FROM AUDIT-LOG INTO A USEABLE
** FORMAT ON AUDIT-HISTORY
**
DEFINE DATA
GLOBAL USING AXAUDTG0 /* AUDIT-LOG
LOCAL USING FXSDELA0 /* SYSDIC-EL (PREDICT FIELD NAME DESCR)
LOCAL USING FXAUDHA0 /* AUDIT-HISTORY
LOCAL
01 ACTMST-ALL-BEFORE
  02 ACCT-NBR (P6)
  02 ACCT-SER-CODE (A3)
  02 REC-DEL-IND (A1)
  02 TERR-CODE (A1)
  02 STATE-CODE (A2)
  02 ACCT-NAME (A23)
  (MORE...)
01 REDEFINE ACTMST-ALL-BEFORE
  02 BEFORE-CHUNK (A250/1:20)
  02 BEFORE-CHUNKX (A228)
*
01 ACTMST-ALL-AFTER
  02 ACCT-NBR (P6)
  02 ACCT-SER-CODE (A3)
  02 REC-DEL-IND (A1)
  02 TERR-CODE (A1)
  02 STATE-CODE (A2)
  02 ACCT-NAME (A23)
  (MORE...)
01 REDEFINE ACTMST-ALL-AFTER
  02 AFTER-CHUNK (A250/1:20)
  02 AFTER-CHUNKX (A228)
END-DEFINE
The Solution
DEFINE SUBROUTINE AXAMALS3-ACCOUNT-MASTER-BEFORE-AFTER
* -------------------------------------------------------------------------------------------------
** AUDIT-IMAG = BEFORE IMAGE
** AUDIT-IMAG-TWO = AFTER IMAGE
** MOVE FROM AUDIT FILE INTO VIEW LAYOUTS
**
BEFORE-CHUNK (1:20) := AUDIT-IMAG(1:20)
BEFORE-CHUNKX := AUDIT-IMAG(21)
AFTER-CHUNK (1:20) := AUDIT-IMAG-TWO(1:20)
AFTER-CHUNKX := AUDIT-IMAG-TWO(21)
RESET FXAUDHA0
MOVE BY NAME AUDIT-LOG TO FXAUDHA0-RECORD
FXAUDHA0.ACCT-NBR := ACTMST-ALL-BEFORE.ACCT-NBR
FXAUDHA0.SER-CODE := ACTMST-ALL-BEFORE.ACCT-SER-CODE
FXAUDHA0.CUST-NBR := ACTMST-ALL-BEFORE.CUST-NBR
DECIDE FOR EVERY CONDITION
  WHEN ACTMST-ALL-BEFORE.TERR-CODE NE ACTMST-ALL-AFTER.TERR-CODE
    MOVE 'TERR-CODE' TO FXAUDHA0.AUDIT-FIELD-NAME
    PERFORM LOOKUP-FIELD-DESCRIPTION
    MOVE ACTMST-ALL-BEFORE.TERR-CODE TO FXAUDHA0.BEFORE-IMAG (1)
    MOVE ACTMST-ALL-AFTER.TERR-CODE TO FXAUDHA0.AFTER-IMAG (1)
    PERFORM STORE-AUDIT-HISTORY-RECORD
  WHEN ACTMST-ALL-BEFORE.STATE-CODE NE ACTMST-ALL-AFTER.STATE-CODE
    MOVE 'STATE-CODE' TO FXAUDHA0.AUDIT-FIELD-NAME
    PERFORM LOOKUP-FIELD-DESCRIPTION
    MOVE ACTMST-ALL-BEFORE.STATE-CODE TO FXAUDHA0.BEFORE-IMAG (1)
    MOVE ACTMST-ALL-AFTER.STATE-CODE TO FXAUDHA0.AFTER-IMAG (1)
    PERFORM STORE-AUDIT-HISTORY-RECORD
  WHEN ACTMST-ALL-BEFORE.ACCT-NAME NE ACTMST-ALL-AFTER.ACCT-NAME
    MOVE 'ACCT-NAME' TO FXAUDHA0.AUDIT-FIELD-NAME
    PERFORM LOOKUP-FIELD-DESCRIPTION
    MOVE ACTMST-ALL-BEFORE.ACCT-NAME TO FXAUDHA0.BEFORE-IMAG (1)
    MOVE ACTMST-ALL-AFTER.ACCT-NAME TO FXAUDHA0.AFTER-IMAG (1)
    PERFORM STORE-AUDIT-HISTORY-RECORD
  (MORE...)
  WHEN NONE
    IGNORE
END-DECIDE
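The conversion that AXAUDTP0 and AXAMALS3 perform, modelled in Python as an added example (not code from the presentation): a record image is split into A250 chunks at capture time, rejoined, overlaid with the field layout, and compared field by field to produce one history row per changed field. It assumes ASCII instead of the mainframe encoding, a 600-byte record, and only the first six ACCOUNT-MASTER-ALL fields; the function names and the sample record are constructed here.

```python
# Added example (not from the slides): models the Audit-Log -> Audit-History
# conversion. Field names/formats are from the ACCOUNT-MASTER-ALL DDM; function
# names, ASCII encoding and the sample record are assumptions made here.
CHUNK = 250  # AUDIT-IMAG / AUDIT-IMAG-TWO occurrences are A250
# (field, format, bytes). P 6.0 is packed: 6 digits + sign nibble = 4 bytes.
LAYOUT = [("ACCT-NBR", "P", 4), ("ACCT-SER-CODE", "A", 3), ("REC-DEL-IND", "A", 1),
          ("TERR-CODE", "A", 1), ("STATE-CODE", "A", 2), ("ACCT-NAME", "A", 23)]

def pack(n, size):
    """Packed decimal: one digit per nibble, last nibble is the sign (C or D)."""
    return bytes.fromhex(str(abs(n)).rjust(size * 2 - 1, "0") + ("d" if n < 0 else "c"))

def unpack(raw):
    h = raw.hex()
    return -int(h[:-1]) if h[-1] == "d" else int(h[:-1])

def capture(rec, record_len=600):
    """Serialise a record and split it into 250-byte chunks (the capture side)."""
    image = b"".join(pack(rec[n], s) if f == "P" else rec[n].ljust(s).encode("ascii")
                     for n, f, s in LAYOUT).ljust(record_len)
    return [image[i:i + CHUNK] for i in range(0, len(image), CHUNK)]

def decode(chunks):
    """Rejoin the chunks and overlay the field layout (the REDEFINE step)."""
    image, rec, pos = b"".join(chunks), {}, 0
    for name, fmt, size in LAYOUT:
        raw = image[pos:pos + size]
        rec[name] = unpack(raw) if fmt == "P" else raw.decode("ascii").rstrip()
        pos += size
    return rec

def history_rows(log):
    """One Audit-History row per changed field, keyed by the before-image account."""
    before, after = decode(log["AUDIT-IMAG"]), decode(log["AUDIT-IMAG-TWO"])
    header = {k: v for k, v in log.items() if not k.startswith("AUDIT-IMAG")}
    header.update({"ACCT-NBR": before["ACCT-NBR"], "SER-CODE": before["ACCT-SER-CODE"]})
    return [{**header, "AUDIT-FIELD-NAME": n, "BEFORE-IMAG": before[n], "AFTER-IMAG": after[n]}
            for n, _, _ in LAYOUT if before[n] != after[n]]

# Constructed sample: a change ('C') that alters the state code and account name.
BEFORE = {"ACCT-NBR": 123456, "ACCT-SER-CODE": "ABC", "REC-DEL-IND": "",
          "TERR-CODE": "4", "STATE-CODE": "IL", "ACCT-NAME": "SAMPLE CLINIC"}
AFTER = {**BEFORE, "STATE-CODE": "WI", "ACCT-NAME": "SAMPLE CLINIC NORTH"}
SAMPLE_LOG = {"AUDIT-FUNC": "C", "AUDIT-USER": "FAYE", "AUDIT-PROG": "ISACCTP1",
              "AUDIT-VIEW-NAME": "ACCOUNT-MASTER-ALL",
              "AUDIT-IMAG": capture(BEFORE), "AUDIT-IMAG-TWO": capture(AFTER)}

if __name__ == "__main__":
    print([(r["AUDIT-FIELD-NAME"], r["BEFORE-IMAG"], r["AFTER-IMAG"]) for r in history_rows(SAMPLE_LOG)])
```

The packed ACCT-NBR shows why the raw image cannot be compared as text: the layout has to be overlaid before any field can be read or diffed.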
And finally…
And finally…
Faye Windhorst, Landauer, Inc.
14th NATURAL Conference, October, 2006
Questions???
Connecting Sarbanes to Oxley