Use SOX to free up enhancements
July 11, 2005
The Sarbanes-Oxley Act (SOX) is putting HP 3000 shops through their paces this year, but the law that is making IT shops clean up procedures might have a silver lining for the 3000 customer. HP needs motivation — the fabled "business case" — to justify work on the platform for its customers. Federal legislation seems to be a great business case, according to Donna Garverick at Longs Drug Stores. In a posting to the 3000 newsgroup last month, Garverick said that "a certain drug store company" has a service request (SR) filed with HP to finish the port of OpenSSH, secure file transfer software that will satisfy SOX requirements.
The HP 3000 community has made a start at bringing OpenSSH to the 3000. Ken Hirsch has a working port posted at the invent3k public access server, but it needs more engineering time to become worthy of meeting SOX requirements. Garverick said OpenSSH will let Longs transfer its data from the 3000 securely, and suggests that users who are also trying to meet SOX requirements should ask HP to clean up the port on HP's invent3k server.
Secure FTP is getting the transfers done for Garverick, "albeit slowly." She'd prefer to us OpenSSH, if HP can be convinced to respond to SRs filed about the invent3k port of the software:
Because of Sar-Ox, we’re required to use Secure FTP for transferring data. If your company is in the same situation, please HP know that you too would like to see OpenSSH brought to MPE
There's no guarantee that US law will be able to ensure engineering time for OpenSSH. But if there's a better business case than avoiding government fines, we'd like to hear it. Use your support channel contacts (if you're still on HP's MPE support) to file your SRs. It's likely that SOX will require some other enhancements to the 3000, if HP is willing at all to help its customers make their transition. Secure FTP, (SFTP) the working part of OpenSSH, is well documented. A great supplemental Web page SFTP is at Beechglen's Web site: