IBM i Compliance and Security: Identifying the Events That Matter Most
Monitoring for Compliance
IBM i systems process massive volumes of critical and sensitive information for enterprises across industries. These organizations are governed by stringent cybersecurity regulations, such as SOX, GDPR, HIPAA, PCI DSS, state privacy regulations, and more, that protect consumers. To maintain compliance and reduce the risk of data breaches and security incidents, all operations on an organization’s IBM i systems must be continuously monitored.
While IBM i journals and log files are comprehensive, they’re also cryptic and voluminous. If information is needed for an audit or analysis, it’s nearly impossible to extract it in a timely fashion. Without proper logging and a way to quickly obtain insights or create reports regarding changes to critical databases, enterprises risk failing regulatory audits.
To demonstrate compliance, IT teams need logs and information about a variety of dynamic elements, including:
- Changes to system objects (system values, profiles, creation or deletion of users, authorization lists)
- Sign-in and access attempts
- Any action involving sensitive data
- Access to critical databases
- Authentication failures
- Changes to passwords and access rights
- Data transmission and movement
- Powerful user activity, including the commands issued