For banking (PCI DSS, SOX) and healthcare (HIPAA), your CICS security architecture is auditable. Auditors will ask: Who can access which regions? How is user identity propagated across regions? How are privileged transactions (like force-post or override) controlled? Ahmad Rashidi at Pinnacle Health