Preliminary information
Before conducting an audit, you should establish preliminary information concerning the type, size, and complexity of your installation. The following questions should help you get started.
- What are the processor complexes and their associated system control programs (SCPs), including the release and level of RACF® for each? You can use the DSMON reports to answer this particular question.
- For each processor complex, what are the subsystems—such as TSO/E, IMS/ESA®, CICS/ESA—protected by RACF (including the release and level of each)? List them.
- Are processor complexes linked (for example, by NJE, RSCS, JES2, or JES3)?
- Is DASD shared between systems? What type of data is shared?
- Do you have dial-up lines?
- Explain briefly the classification system.
- What is the highest classification of data processed and/or transmitted?
- Will you be using z/OS UNIX System Services?