As I said yesterday, an auditor that can spell S-M-P-E is a rarity.

-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Joel Ewing
Sent: Tuesday, December 10, 2024 6:17 PM
To: [email protected]
Subject: Re: SMPE and auditors

I'm betting the auditor's level of understanding is pretty low here -- probably just a concept that putting code with a known error into production is always bad.

The reality of course is that if you have been doing z/OS maintenance long enough, you know every system placed into production has unknown errors, some of which could end up being serious. Over time, as more errors are discovered and communicated to IBM resulting in APARS and HOLDs, you end up with a production system with both known and unknown errors. IBM issues PTFs to fix known errors, and if those PTFs are later found to have errors, a later ERROR hold is put on the PTF. The only difference between APPLY and APPLY BYPASS for that PTF is a matter of timing: when you do the APPLY versus when the ERROR hold on the PTF is issued. The odds are that every time you do major maintenance, you will invariably have applied some PTFs that at a later time will be found to contain errors.

Normally you wouldn't want to place a PTF that has an ERROR hold into a production system, but on rare occasions you encounter a HELD PTF that fixes a problem that is very serious for your installation, while the ERROR hold is a minor issue or even no problem for your installation because of your configuration. If no resolving PTF is available, in such a case it may be desirable to BYPASS the ERROR hold to replace a critical problem with a minor one. This is a judgement call based on detailed knowledge of your specific system environment, and frankly not something a generic auditor is qualified to judge or question.

When applying quarterly maintenance, you can try to maximize the number of PTFs installed and still avoid needing BYPASS by obtaining any later Error-hold-resolving PTFs that are available, but these newer resolving PTFs have had less usage and could themselves contain errors that just haven't been found yet.

To me, the fixation of the Auditors on APPLY BYPASS indicates lack of understanding. It would make more sense to look for evidence about how often HOLD data was received and a REPORT ERRSYSMODS performed to check whether there are any known problems in production that are urgent enough to resolve before the next maintenance cycle.

With z/OS, no reasonable SysProg puts major maintenance directly into a production system, but builds a "new" system which only becomes production after sufficient testing and resolution of problems. It is irrelevant whether building that new system included any APPLY BYPASS operations, only whether there are significant ERRSYSMODS remaining after the testing and problem resolution. If the timing of other events (like new hardware) forces putting a system with known unresolved ERRSYSMODS into production, one would hope there is enough review of the nature of those known errors to give some assurance the risk is minimal.

JC Ewing

On 12/10/24 11:20 AM, Phil Smith III wrote:
> Can we first stop and be impressed that an auditor understands enough to ask
> about this?
>
> -----Original Message-----
> From: IBM Mainframe Discussion List <[email protected]> On Behalf Of ITschak Mugzach
> Sent: Tuesday, December 10, 2024 12:16 PM
> To: [email protected]
> Subject: Re: SMPE and auditors
>
> Let your auditor access the smp log files and find the answer himself.
>
> ITschak
>
> Itschak Mugzach | Director | SecuriTeam Software | IronSphere Platform |
> Information Security Continuous Monitoring for Z/OS, zLinux and IBM I
>
> On Tuesday, Dec 10, 2024 at 19:12, Jousma, David <[email protected]> wrote:
>
>> All,
>>
>> I have an auditor that would like to see if there were any PTFs applied
>> in my environment where BYPASS HOLDERROR was specified. It’s not enough
>> for me to tell them that there weren’t any. I have been playing around
>> with SMPE list commands, and can list PTFs where BYPASS was specified, but
>> no further granularity that I can see. And I guess it’s a bit more
>> complicated than that, as rare as it is to bypass HOLDERROR, I could
>> foresee one being applied after talking with support center, and then
>> later, the fixing PTF came along and was applied.
>>
>> Any ideas that I am missing?
>>
>> Dave Jousma
>> Vice President | Director, Technology Engineering

Joel C Ewing

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
