IT Automation: Proving SOX Compliance of Background Job Governance and Monitoring in SAP Solution Manager
An important capability of efficient and effective operations and a conditio sine qua non for intelligent enterprise and digital transformation is automation management, aka background job management or job management. The concept and toolsets are by no means new, please find a recent overview in this article. In the following paragraphs, a very specific detail of IT automation management (not Business automation management) in and with SAP Solution Manager 7.2 is very briefly outlined due to recent questions sent to us in this regard: Job Management’s SOX compliance – and how audits can be supported.
General Job Management Recap
End-to-End Background Job Request and Documentation Management as well as Job Monitoring enables an IT organization to establish an integrated IT automation life cycle management. After approval and documentation of background jobs, they are scheduled, monitored (Event Management) and optimized (Continuous Improvement) by the Operations Control Center using SAP Solution Manager Job Management.
Specific Job Management Question: Is Job Management and Monitoring in SAP Solution Manager SOX compliant?
Regarding the Sarbanes-Oxley Act (see SOX in SAPedia or Sarbanes-Oxley Act in Wikipedia), there is no formal statement for SAP Solution Manager in place to the author’s knowledge, as SAP Solution Manager is typically not affecting financial transactions directly.
As discussed in this comment, it is however very likely that IT automation, aka background jobs, are scheduled which have (significant) financial impact. Therefore, there is a need for (a) background job governance and (b) background job monitoring.
In SAP Solution Manager based background job governance, SOX compliance can be fulfilled by embedding the request and documentation process in SAP Solution Manager Solution Documentation, Service Desk Management (incident management), and/or Change Request Management (change management). The latter log each processing status change. Moreover, change logs are available for Job Documentation documents, which log changes of the document status (for a deeper dive into the difference please read this article).
Job Documentation: Change Log
For SAP Solution Documentation (incl. Version Management) as well as SAP Solution Manager Service Desk and Change Management, please see application help and product documentation. See below a brief description of how to find Job Documentation documents and corresponding change logs to support your audit (document status).
In SAP Solution Manager’s Fiori Launchpad, use the Job Documentation App.
The Job Documentation App allows you to
- display Job Documentation documents as list including document status, version, creator, dates, etc. and export this list to file,
- use mass processing to do that in bulk (see SAP Help for further details),
- do more.
Within a Job Documentation document, display the change log to prove Job Documentation document status changes over time. Download to file as and if required.
Job Monitoring: Configuration and Runtime Objects
See below a brief description of how to find Job Monitoring/Alerting configuration and runtime objects to support your audit (monitoring status).
If you want to prove to auditors that a certain job monitoring/alerting is configured, there are several options available. The options below are not exhaustive.
If Job Monitoring and Alerting is configured as part of Business Process Operations (i.e. in the business process context), then the SAP Solution Manager Business Process Operations Object Administration App can be used. Find it in group Business Process Monitoring in SAP Solution Manager Fiori Launchpad. Filter by Logical Component or Business Context and type and/or area. Download to file as and if required.
If not, tables in the SAP Solution Manager database which hold the configuration data can be used. The tables are ACALERTDIR and ACALERTDIRT (further tables holding additional information, e.g. MAI_MONOBJPARAM and ACCONTEXTDIR etc.):
- table ACALERTDIR contains alert basic information,
- table ACALERTDIRT contains the alert description/name.
The field “DISABLED” in ACALERTDIR can be used to determine whether alerting is active or not, if this field is blank it means alerting is active, if it is ‘x’ it means the alerting is disabled/inactive.
Please note: Tables MAI_MONOBJPARAM et al. store the configuration data for job monitoring objects:
- table MAI_MONOBJPARAM contains the list of job monitoring objects,
- table ACMETRICDIR contains the list of metrics activated for each monitoring object together with data collection frequency and data retention period.
These monitoring configuration tables (and ACALERTDIR et al. for alerting configuration) are linked using context id (i.e. monitoring object id).
If you want to prove to auditors that a certain (configured and activated) job monitoring/alerting is actively creating runtime objects (i.e. rated metrics and alerts), there are several options available. The options below are not exhaustive.
Any monitoring and alerting is stored long term in SAP Solution Manager’s Business Warehouse (SAP Netweaver BW). You can either use the SAP Solution Manager Dashboard Builder or use the contents of the InfoCube(s) itself – to prove that monitoring and alerting data is indeed available.
(Remark: filtering for Job related data only is possible)
Any monitoring and alerting is stored short term in SAP Solution Manager’s Metric and Alert Store. You can either use the SAP Solution Manager Alert Search App or OCC Alert Reporting App or the contents of runtime table(s) E2EA_ALERTVIEW (Open Alerts) and E2EA_CALERTVIEW (Confirmed Alerts) to prove that monitoring and alerting data is indeed available. Download to file as and if required.
Alert Search App > Select Job Monitoring and other criteria as needed > Search > Get a flat list:
(OCC) Alert Reporting App > Select Job/Job Monitoring > Select > Get a graphical reporting:
Tables E2EA_ALERTVIEW and E2EA_CALERTVIEW > Filter via Technical Scenario > Get a table output:
More details please find in the SAP Solution Manager 7.2 Media Center. The SAP Solution Manager 7.2 Public Demo System invites interested parties to log on to an SAP Solution Manager 7.2 system and try for yourselves.