System i Software

iSecurity Safe Update

Regulate the Use of File Editors in IBM i Production Environments


Government and industry regulations, including Sarbanes-Oxley (SOX), GDPR, PCI, and HIPAA, stipulate measures that companies must take to ensure proper data security and monitoring. ​Part of their requirement is that only specifically permitted programs can make updates to business-critical data in production environments.

Safe-Update guards against unauthorized updates by what is considered to be dangerous programs. – programs that are not compliant to the organization’s business rules since they were not designed for it.  With Safe-Update, administrators can implant a security layer in the files themselves which will resist unauthorized updates even if such are performed by powerful users who have *ALLOBJ authority.  The specification is made by allowing whitelists of programs or denying a provided (editable) blacklist of programs which includes known file editors, DFU and the Start SQL  command.

When the organization needs to update data with tools that are normally not allowed, Safe-Update implements a workflow that consists of work orders created by management that specifying who can work with the data, the reason of the work, and the limited time during which the work order is valid. Based on the work order, the specified programmer can then open a ticket and perform the requested updates interactively or in batch. All work under the tickets is logged, even if the data files themselves are not journaled.

If an unauthorized update is attempted, a window appears requesting the entry of a ticket.

iSecurity Safe-Update Key Features​

  • Monitors and protects data against updates by unauthorized programs.
  • Allows authorized users to create ad-hoc tickets, which are tracked in the same way as work orders.
  • Work orders specify the programmer, the files, the updates required and  the time frame.
  • Tickets are automatically closed if inactive for a period of time.
  • Allows updates to fields that are marked as insignificant.
  • Subject to the organization policy, ad-hoc tickets might be permitted as well.
  • Creates a record of updates, logging who updated the data, who authorized the update, and why it was done.
  • Database journal information displayed by AP-Journal commands highlights updates made under Safe-Update permissions.

For more details email [email protected] or call +61-3-9572-5869