S 3.42 Training z/OS operators

Initiation responsibility: Head of IT, Head of Personnel

Implementation responsibility: Supervisor, Administrator

The operation of z/OS systems is complex and designed in such a way that many areas are involved. Therefore, it must be ensured that the operators receive the training required for their activity. In addition to the recommendations in safeguard S 3.11 Training of maintenance and administration staff, the following information must also be observed by the employees in the z/OS area:

• The administrators should be appropriately trained for their tasks by regular attendance at training courses and user conferences. Consideration should be given to determining the training using a training plan.
• In addition, RACF administrators should be trained in all security-related areas of the z/OS system.
• The auditors should be trained according to their tasks. The tasks of the auditors are described in safeguard S 2.291 Security reporting and security audits under z/OS.
• Consideration should be given as to whether regular security-related training should be given to all employees who work with z/OS systems. Here, the existing set of rules, the security definitions and the reasons that have led to the security safeguards should be explained to the employees (increased awareness of security considerations).

Review questions:

• Are the administrators appropriately trained for their tasks by regular attendance at training courses and user conferences?
• Are the RACF administrators trained in all security-related areas of the z/OS system?