HCL Workload Automation 9.5.0, HCL Workload Automation distributed - Agent for z/OS 9.4 considerations for GDPR readiness


Notice:

This document is intended to help you in your preparations for GDPR readiness. It provides information about features of HCL Workload Automation that you can configure, and aspects of the product’s use, that you should consider to help your organization with GDPR readiness. This information is not an exhaustive list, due to the many ways that clients can choose and configure features, and the large variety of ways that the product can be used in itself and with third-party applications and systems.

Clients are responsible for ensuring their own compliance with various laws
and regulations, including the European Union General Data Protection Regulation.
Clients are solely responsible for obtaining advice of competent legal counsel as to
the identification and interpretation of any relevant laws and regulations that may
affect the clients’ business and any actions the clients may need to take to comply
with such laws and regulations.

The products, services, and other capabilities
described herein are not suitable for all client situations and may have restricted
availability. HCL Technologies does not provide legal, accounting, or auditing advice or represent or
warrant that its services or products will ensure that clients are in compliance with
any law or regulation.


Table of Contents

  1. GDPR
  2. Product Configuration for GDPR
  3. Data Life Cycle
  4. Data Storage
  5. Data Access
  6. Data Processing
  7. Data Deletion
  8. Data Monitoring
  9. Responding to Data Subject Rights

GDPR

General Data Protection Regulation (GDPR) has been adopted by the European Union (“EU”) and applies from May 25, 2018.

Why is GDPR important?

GDPR establishes a stronger data protection regulatory framework for processing of personal data of individuals. GDPR brings:

Read more about GDPR


Product Configuration - considerations for GDPR Readiness

Offering Configuration

Configuration to support Data Security
  1. The product can be configured with custom certificates (the custom certificates are created and managed by the administrator).
  2. SSL comunication among processes must be configured. Default certificates are provided, but you are strongly recommended to customize them straight after the installation process has completed to ensure your environment is secure.
    The following documentation paragraphs better explain the procedures:
    https://workloadautomation.hcldoc.com/help/topic/com.hcl.wa.doc_9.5/distr/src_ad/awsadscenDWCagtdistconn.htm
    https://workloadautomation.hcldoc.com/help/topic/com.hcl.wa.doc_9.5/distr/src_ad/awsadservercommscen.htm
    https://workloadautomation.hcldoc.com/help/topic/com.hcl.wa.doc_9.5/distr/src_ad/awsadMDMDAcomm.htm
    https://workloadautomation.hcldoc.com/help/topic/com.hcl.wa.doc_9.5/distr/src_ad/awsadusingssl.htm
    https://workloadautomation.hcldoc.com/help/topic/com.hcl.wa.doc_9.5/distr/src_pi/awspicfgremcliSSL.htm
    https://workloadautomation.hcldoc.com/help/topic/com.hcl.wa.doc_9.5/distr/src_ad/awsadusingsslforedwa.htm

Data Life Cycle

  1. Workload Definitions contain “description” free text field that can be filled in by the user.
  2. The product can be configured to enable Auditing Justification feature.
    In this case, some free text fields are enabled and the users can insert information like justification for change and ticket number.
    https://workloadautomation.hcldoc.com/help/topic/com.hcl.wa.doc_9.5/distr/src_tsweb/General_Help/keepingtrack.htm
  3. The offering works with the following downstream products:
    - IBM Websphere Application Server Liberty base
    - IBM DB2 v11.5 Standard Edition
  4. The offering involves “HCL Technologies” IP Partner and non-IBM entity.

Authentication data for physical users (user’s names and Windows passwords) are collected with the purpose:

  1. To authenticate users when using Command lines, Web Interfaces and APIs:
    https://workloadautomation.hcldoc.com/help/topic/com.hcl.wa.doc_9.5/distr/src_ad/awsadwhereconfldap.htm#whereconfldap
    https://workloadautomation.hcldoc.com/help/topic/com.hcl.wa.doc_9.5/distr/src_ad/awsadenterpwd.htm
  2. To authenticate users when running jobs:
    https://workloadautomation.hcldoc.com/help/topic/com.hcl.wa.doc_9.5/distr/src_tsweb/General_Help/changepasswordinplan.htm
    https://workloadautomation.hcldoc.com/help/topic/com.hcl.wa.doc_9.5/distr/src_ref/awsrglocalvarsinjobdefs.htm
    https://workloadautomation.hcldoc.com/help/topic/com.hcl.wa.doc_9.5/distr/src_ref/awsrguserdefn.htm
Personal data used for online contact with HCL Technologies

HCL Workload Automation clients can submit online comments/feedback/requests to contact HCL Technologies about HCL Workload Automation subjects in a variety of ways, primarily:

Typically, only the client name and email address are used, to enable personal replies for the subject of the contact, and the use of personal data conforms to the [HCL Technologies Online Privacy Statement] (https://www.hcltech.com/privacy-statement).


Data Storage


Data Access


Data Processing

Encryption at rest:

  1. Customer cannot encrypt data inside the product using his personal keys.
  2. Encryption at rest is not performed (the product encrypts only passwords). To reduce risks, entire disk where the product and the database are installed can be encrypted.

Encryption in motion:

  1. Customer can specify his personal keys during the deployment. For further information, see the Readme file for HCL Workload Automation Version 9.5 Fix Pack 4

Data Deletion


Data Monitoring

  1. Core dumps can contain customer data
  2. Passwords are encrypted and never logged.
  3. Data and activities monitoring can be performed enabling auditing features:
    https://workloadautomation.hcldoc.com/help/topic/com.hcl.wa.doc_9.5/distr/src_ad/awsadauditoverview.htm
  4. Logs can be enabled and managed using specific tools:
    https://help.hcltechsw.com/workloadautomation/v95/distr/src_pi/awspilogfilestws.html

Responding to Data Subject Rights