Audit Article, IT Audit Article, Security Article, Integrated Audit Article, Technical Article, IT Audit

The Control Impact of Data Center Consolidations

With companies under pressure to reduce costs, IS departments have been the target of many budget cuts. One of the most common cost reduction techniques is the consolidation of data centers.
During good times, most large development groups enjoyed a close relationship with their data center. Because of their familiarity with the applications, the data center was expected to react and correct many application problems. The close relationship allowed for informal processes to be used in major application and data center supported functions.
However, we have recently entered the era of regional processing centers, where a user is considered and ID and an application is just a name. All previous expectations of the data center should not be interpreted as "THE CONTRACT WITH THE DATA CENTER" . If a new job is established, either an automated restart/recovery process must be established or a restart/recovery procedure must be written in a "cookbook" format. Otherwise the operator will not know how and where to restart the job. Also, if data set naming conventions are not adhered to, security administration will not be able to identify when one application infringes on other applications naming conventions. These are examples of development expectations which cannot be fulfilled by a regional processing center.
In this new order of regional processing centers, certain control functions which were previously performed by the data center are now performed at the department level. With such new department level control functions, the auditor must now include these departments when they perform data center reviews Some control functions which should be established within individual departments include:
  • cross department monitoring of naming conventions
  • job processing post review
  • establishment of department level security policy
  • security database design
  • monitoring security violations
  • emergency ID activation, follow-up, and review
  • decentralized security administration and reconcilement of access granted
  • change management configuration


For a free proposal to perform an audit of your organization or provide SOX support & testing services, contact Mitchell Levine of Audit Serve at (203) 972-3567 or via e-mail at


Copyright  2006, Audit Serve, Inc. All rights reserved. Reproduction, which includes links from other Web sites, is prohibited except by permission in writing.

AuditNet - The Global Resource for Auditors

Audit Vision

Since 1991
Join 3,500 other subscribers



Free Audit Serve Seminars Posted Online

25 minute extract from the seminar entitled "Alternate Control Design Approaches for z/OS" presented by Mitch Levine in London (at the Churchill War Rooms) March, 2018 which would be of interest to IT Audit, Security and GRC personnel

General Data Protection Regulation Seminar

Copyright © 2015. All Rights Reserved.