S 2.297 Deinstallation of z/OS systems

Initiation responsibility: Information Security Management, Head of IT

Implementation responsibility: Administrator

If a z/OS is no longer required, it is not sufficient to only switch off the system. When disassembling a z/OS system or a parallel Sysplex, the following recommendations should be taken into consideration:

Deleting hard disks

All hard disks containing sensitive data, e.g. customer data, must be deleted in such a way that their content cannot be reproduced. For this, a program such as ICKDSF may be used. Deletion may also be performed by the manufacturing company. If hard disks, even individual hard disks, are faulty and must be replaced by the manufacturer as a result, it must be ensured that the replaced hard disk is destroyed by the manufacturer. This should be contractually agreed. The same also applies to the replacement of the entire hard disk cabinet. Before transferring data media to third parties, it must be checked whether this is permitted by the protection requirements of the stored data (see also S 2.167 Selecting suitable methods for deleting or destroying data).

Deleting IDs

All IDs of the deinstalled system must be deleted, unless this is performed automatically by disassembly. If a system is removed from a parallel Sysplex, the IDs and aliases on the other systems of the parallel Sysplex must be deleted.

The corresponding IDs must be deleted from the administration systems (e.g. user administration).

Deleting system names

The system names (SYSIDs) must be deleted from the system lists. If a system is removed from a parallel Sysplex, the system name must be deleted from the Sysplex definitions.

Deleting the system

The system must be deleted from the password synchronisation procedure, if such a procedure is used (see S 2.294 Synchronisation of z/OS passwords and RACF commands).

The system must be deleted from all terminal monitor programs, e.g. TPX (Terminal Productivity Executive) or NV/AS (NetView/Access).

The system must be deleted from the NJE definitions (Network Job Entry) of the JES2/3.

Reporting

The reporting system must be checked as to whether definitions and possibly tables must be deleted.

Automation

Existing automation procedures must be checked as to whether definitions require adaptations.

License key management

Since the disassembly reduced the number of systems, it should be checked whether software licenses are no longer required and can be cancelled.

Review questions:

• Are all hard disks containing sensitive data deleted when deinstalling a z/OS system in such a way that their content cannot be reproduced?
• Replacement of faulty hard disks of a z/OS system with the manufacturer: Are there contractual agreements regarding the destruction of the hard disks by the manufacturer?
• Has it been ensured that all IDs are deleted from deinstalled z/OS systems?
• Is the reporting system checked as to whether definitions and possibly tables must be deleted when deinstalling z/OS systems?