Before conducting an audit, you should establish preliminary information
concerning the type, size, and complexity of your installation. The
following questions should help you get started.
- What are the processor complexes and their associated system control
programs (SCPs), including the release and level of RACF® for each? You can use the DSMON reports
to answer this particular question.
- For each processor complex, what are the subsystems—such as TSO/E, IMS/ESA®, CICS/ESA—protected
by RACF (including the release
and level of each)? List them.
- Are processor complexes linked (for example, by NJE, RSCS, JES2,
or JES3)?
- Is DASD shared between systems? What type of data is shared?
- Do you have dial-up lines?
- Explain briefly the classification system.
- What is the highest classification of data processed
and/or transmitted?
- Will you be using z/OS UNIX System Services?