Unsupported OS and DB2 software issue 639

  • The answer to my question might be obvious but I would greatly appreciate some feedback.
    I am currently working on a SOX project for a client that is using OS/390 and DB2 software that is no longer supported by the vendor. Also, the migration path necessary for them to reach a supported version takes them through an unsupported version first.
    This is definitely a SOX issue, is it not? My concern is the timing of the upgrade process, because as it is currently scheduled there is no way for a supported version of OS and DB2 to be in place for review and testing prior to a review by E_and_Y.
    Thanks very much.

  • has management documented why they are running on unsupported versions of software? this was a choice someone made so find evidence of their rationale for it.
    has senior management documented the risks involved and potential impact?
    has senior management documented their decision to ‘accept’ the risk of running on unsupported software?
    if you have this type of ‘solid’ documentation then you can explain it this way to your external auditors. it demonstrates the logic beind the decision to accept the risk.
    also, if you do have a remediation plan or will be developing one then you can also document that as well. the external auditors will most likely be interested
    this is a tough position to be in…I wonder if it would be easier to start with a fresh install of the OS to a new box then copy over the data from a backup.

Log in to reply