Part VI: Security, Compliance, and Operational Excellence
"Nobody thanks you for security that works. But the first time it fails, your name is in the incident report, the audit finding, and possibly the news. These four chapters are insurance against that day."
What This Part Covers
Part VI covers the topics that keep you out of the news: mainframe security architecture, capacity planning, disaster recovery, and operational automation. These chapters represent the operational maturity that distinguishes a system that works from a system that works reliably, securely, and at scale — year after year.
Security, compliance, and operational excellence are not afterthoughts in banking, insurance, healthcare, and government. They are primary requirements. PCI-DSS, HIPAA, SOX, GDPR, and agency-specific regulations impose technical controls on how data is stored, accessed, transmitted, and audited. This part teaches you how to implement those controls in COBOL and z/OS environments.
Federal Benefits Administration's 40-year codebase must meet strict federal security requirements while undergoing incremental modernization. Pinnacle Health Insurance faces HIPAA compliance obligations that dictate encryption, access controls, and audit trails. Continental National Bank's PCI-DSS and SOX requirements shape every architecture decision. All three appear throughout this part.
Chapters in This Part
| Chapter | Title | Key Question |
|---|---|---|
| 28 | Mainframe Security | How do you implement RACF-based security that satisfies PCI/HIPAA auditors? |
| 29 | Capacity Planning | How do you forecast growth and right-size your MSU budget? |
| 30 | Disaster Recovery | How do you design and test a DR plan that actually works? |
| 31 | Operational Automation | How do you build self-healing batch streams and automated operations? |
Progressive Project
You'll complete the operational framework for your HA banking system: RACF security profiles, encryption strategy, PCI-DSS compliance controls, capacity planning model, GDPS-based disaster recovery procedures, and automated operations with REXX and JCL procedures.
Prerequisites
Part I. Parts II–V recommended but not strictly required (specific cross-references noted in each chapter).