This topic describes very important system and security documentation to retain for auditing.

1. Computer room access.  Who has access and how is the room secured ?

2. The IBMi OS Version and Release
PTF  levels. The recommendation is that the PTFs
should be current or no older than the current release -1.

3. System Values
Print and determine that the system is set for proper best
practice guidelines.

4. System Security
• User Profiles – Password Strength, Password Change Policy, Profile Sharings, *ALLOBJ
• SystemAudit Level
• Journaling – Journal Policies, Retention
• Integrated File System – Folder Security
• Usage of QSECOFR – who has access, how often Password is changed, who keeps it?
• Sharing of passwords and Profiles

5. Job Scheduler
• How are Jobs submitted. Print the entire list.
• What profile is used to Submit Jobs ?

6. Programs
• Use of Authorization Lists
• Use of Job Descriptions
• Where are programs located on the system
• Use of PDM

7. Backups/Recovery
• What tools are being used for Backups
• How often and Retention
• Media and OFFSITE policies