The use of mainframe computers is quite common due to large capacity, performance, and reliability. Mainframe computers are often used to process and store data that is essential to key transaction and reporting processes. Like any other environment, the mainframe environment must be properly secured to prevent unauthorized activities such as data manipulation, data corruption, or the processing of invalid transactions.

Mainframe computers are generally secured through the use of third-party security software, most notably IBM's Resource Access Control Facility (RACF), Computer Associates' Access Control Facility 2 (CA-ACF2), or Computer Associates' Top Secret. In addition to the implementation and use of security software, the overall security of the mainframe also relies heavily upon the configurations of the operating system and related system software.

Our mainframe security assessments evaluate the adequacy of mainframe security controls, policies, procedures, and processes to determine the impact on the integrity of data processing. Our review procedures include the use of audit tools, the execution of automated job scripts, and manual reviews of mainframe security settings critical to the execution of mainframe processes.

We have developed specialized audit procedures for each mainframe security software as well as the mainframe operating system to aid our assessments. These audit procedures can be used to perform stand-alone mainframe security assessments or to supplement the performance of audits that consider activities performed by the mainframe.


To learn more about how we can assist you, please contact us.