Security is a regularly-discussed topic, if not always openly so. With the rock-solid iSeries, security is a notable feature.

TRW Automotive chose Quattro Consultancy Services (recently promoted to Business Partner status by IBM) to implement its SOX (U.S. Government Sarbanes Oxley Act of 2002) compliancy using the Bsafe/Global Security product. SOX was instituted to enforce the integrity of public organisations’ fiscal reports and restore trust in corporate sovereignty. Unfortunately, steps to SOX compliancy are said to be vague and many executives have been left questioning the validity of their network's compliance. Restricting access to data is necessary to ensure the compliance of a network's infrastructure. So a solution is typically required for safeguarding confidential information on a network.

TRW is a major US corporation with global interests. The UK arm was struggling with US SOX regulations due to the late notification of the inclusion of non-American group companies within the regulations, as well as the need to match SOX-approved competitors within the European market.

Says Quattro director Glenn Robinson (who is also an ace contributor to iSeries NEWS UK magazine): “It’s always difficult to apply restrictive security and access to applications and processes once they have been live for a number of years. The complexity of the operational issues and the potential impact on the business of performing such actions cannot be underestimated. TRW had a great number of processes, such as critical 24x7 warehouse FTP interfaces and ODBC connections that had to be made secure in line with SOX, without the process ever being interrupted. Quattro’s understanding of the business requirements and the flexibility of the software enabled this to happen seamlessly.”

David Crowther, senior IS manager, Aftermarket Europe, TRW Automotive, says: "To address a SOX compliance requirement to restrict Telnet, FTP and ODBC services on our iSeries platform, we implemented Bsafe/Global Security. Our implementation has been approved by internal audit and, later this year, it’ll be subject to an E&Y external audit. Quattro provided a professional service aiding initially product selection and then the execution phase. Its focus in the area of critical iSeries operational service requirements results in clearly-visible deliverables to the business.”

TRW Automotive Aftermarket is a leading provider of high-quality replacement parts, service and technical support to the independent aftermarket (IAM) and vehicle manufacturer service (VMS) channels. Combining the original equipment (OE) strengths of the TRW/Lucas-branded braking programme and TRW-branded steering and suspension range, the business leads Europe in chassis systems for the aftermarket.

TRW Automotive’s use of iSeries involves a 9406-870 #2486, Server Feature #0886, Interactive Feature (5250) #7421 located in Germany and use of OS/400 V5R2. The system runs BPCS for the all the European centres for TRW across three LPARS.

Robinson comments: “Quattro chose to team up with KDP Software for the supply of the Bsafe software. Based in the UK, KDP is recognised as the most proficient and successful distributor in EMEA, and as such has a close relationship with the vendor. This level of skill and experience matched Quattro’s technical expertise and offered TRW a safe and successful implementation in the short timescales required.”

Recognising the incredible complexity of the iSeries, Bsafe takes the view that properly configuring the security systems of an iSeries is vastly enabled by rigorous, regular auditing and such audits are crucial to the security of any complex system. If an iSeries is connected to a local or remote network, there are weaknesses in the computer’s defences. Even using a hardware firewall, the computer is still open to attack from outside and misuse from within. Data can be viewed, changed and even deleted – without trace.

At TRW, says Robinson: “It was a key feature for TRW to identify how users were accessing their systems, especially as they were trying to implement SSL connection Europe-wide. Bsafe Information Systems’ software has enabled reports to be produced showing all those users that have still not been converted. This simple identification would have been virtually impossible without the use of the software. A spin-off from the ability to monitor such network traffic has been the identification of users of ‘legacy’ ODBC application in depots and offices across Europe that were previously unknown to the staff at HQ, with obvious benefits to the support and maintenance of such applications.”

Bsafe/Global Security is a security toolkit combining exit-point access control, auditing, reporting, monitoring and IDS early warning in a single product, controlled through a user-friendly GUI. Bsafe is a scalable solution that works well on any iSeries, in any size organisation. As TRW is ably proving with Quattro’s help.