allows companies to simplify the regulatory compliance as well as combat and detect fraudulent activity by allowing managers to easily generate accurate, relevant, and readable reports on any kind of system or database activity.
Introduced in 1998, QJRN/400
is widely used by companies that face an elevated fraud risk or are subject to strong regulatory standards, such as Sarbanes-Oxley (SOX), Basel II, Health Insurance Portability and Accountability Act (HIPAA), Code of Federal Regulations Title 21 (21-CFR), or Payment Card Industry Data Security Standards (PCI-DSS).
Time and again, QJRN/400
has proven its worth in the detection of real fraud and in helping our clients prepare for and obtain excellent results during official audits of regulatory compliance.
A non-intrusive product, QJRN/400
can be used by companies of all sizes, from SME to large multi-nationals with complex technical environments. Additionally, the product is compatible with the most commonly used ERP systems on the IBM i.DESCRIPTION
enhances IBM i journaling functionality to track system events and database changes. IBM i journals are the only audit source that are accepted by security and audit professionals.QJRN/400
includes two independent modules that can be used either separately or concurrently: Database Audit and System Audit.
The Database Audit module allows you to produce audit reports across the databases used on the IBM i. Examples include:
- Database changes effected via programs from outside the standard database applications
- Events occurring outside normal business hours
- Modification to sensitive database field values, such as credit limits, price lists, discount rates, etc.
The System Audit module gives you the tools you need to fully understand the processes going on at system level. Examples include:
- Modifications to system values, object authorities, profiles, authorization list, etc.
- Access attempts (authentication or object access)
- Powerful user activity (i.e.*ALLOBJ, etc.)
- Transfers of objects to production libraries
- Actions on spooled files, adopted authorities, exit points, etc.
- Read access to, or use of, sensitive objects (file, program, menu, command, etc.)
allows you to generate journal-based audit reports that are easy to read and understand. Reports can be ad hoc or scheduled and emailed automatically to the people who need them.
- Easy to install and set up; no need for any application modifications
- All types of journal entries are accepted (QAUDJRN, QACGJRN, QZMF), as well as user-defined entries
- Compatible with journaling-based high-availability and replication software
- Separate management of journals and receivers is permitted; ideal for customers that use hardware replication/IASP
- Unique and powerful query engine allows precise condition definitions
- Numerous report output types: physical file, PDF, XLS, CSV, etc.
- Event notification via e-mail, popup or syslog
- Report distribution via SMTP, FTP or via the IFS
- Ad hoc, periodic, and real-time reports and alerts
- Extraction and reporting can be independent steps from each other, allowing you to retain extracted data for future reporting
- Can be used on-demand during investigations
- Audit models can be created, saved and restored
- Standard audit models are included for the most popular ERP software
- And many other useful features
- Reduce significantly the time and associated costs required to achieve regulatory compliance
- Allow real segregation of duties and enforce the independence of auditors
- Promote journaling as an audit trail
- Solve security incidents and contentious situations quickly
- Go beyond deterring fraud activities by contributing to the implementation of best practices in applications and system utilization