Eliminating redundant compliance effort
With greater demands and new regulations constantly being imposed on a rapidly shrinking pool of experienced z/OS resources, the linear relationship between the cybersecurity and compliance work you support and the number of resources you must dedicate to it must change. MainTegrity FIM+ was created to break this conundrum by reducing the administrative burden, and associated cost, in every phase of operation, setup, detection, response, recovery, compliance and audit.
By having FIM+ create the reports and email them directly to the right staff, significant savings and potentially the elimination of full-time resources can be achieved. The improved accuracy, consistent delivery, and ability to make auditors more self-sufficient can also reduce audit costs and associated time. Compliance scores are also often improved.
Specific Compliance Examples:
SOX Compliance: Focuses on fraud avoidance by proving there have been no unapproved changes that could impact financial reporting. This is a criminal offence in the USA, meaning that anyone providing false assurances can be incarcerated. As a result, many companies exert extensive manual effort, much of which can be avoided with FIM+ integrity monitoring coupled with our ServiceNow gateway, which eliminates the drudgery of manual cross-referencing. Also, with the improved record keeping, SOX audits can be shortened, further reducing effort and cost.
PCI / DSS compliance is required for every computer that handles debit or credit card information. The current version of DSS, 3.2.1, requires integrity monitoring in Sections 10.5 and 11.5. Prior to FIM+ this has not been readily available on mainframes, resulting in labor-intensive compensating controls. Significant fines and suspension of card privileges can be levied against non-compliant entities.
FIM+ can generate reports to prove compliance and avoid onerous and problem-prone manual efforts. In one case, the reduction in manual effort on PCI report generation and delivery alone was estimated to be more than one full-time position.
GDPR, Cyber Resiliency and other compliance standards also apply. The effort required to prove compliance with these and other standards can be burdensome and an administrative nightmare. FIM+ knows what has been maliciously altered and can restore the infrastructure to its trusted state in an automated manner. As a direct result, mainframes can be compliant in a manner formerly not possible. The potential savings in time and unneeded costs / fines can be staggering when fully analyzed.
Savings on Audit:
Every compliance standard typically uses periodic audits as proof that processes are being followed. These can be time-consuming and expensive, and if non-compliance is found, even more painful. They usually involve both management and security staff for extended periods of time. With the superior information base built by FIM+ and automated reporting, audits can be completed more quickly, leaving additional time to focus on year-over-year improvements rather than errors.
The FIM+ forensics browser, with its advanced knowledge and ease of use, can make auditors more self-sufficient, saving even more time and cost.