Offline IMS/DB2 Encryption

The FLAM Offline IMS/DB2 Encryption Solution is based on the FLAM subsystem and the FKME-ICSF and allows compressing and encrypting offline files (logs, unloads, …) of IMS and DB2 on the host computer. With this, the same key can be applied as that used by the IMS/DB2 encryption Tool (EDITPROC) for encrypting the tablespaces (online files). By the simple integration the protection of the online data can be extended with FLAM to offline data. But one can also just protect backups, logs, dumps, or other external data, or simply just benefit from the runtime savings.



  • Transparent compression and encryption of data in compliance with various security standards
  • Unloads, logs dumps, traces, and the like can be secured cryptographically with minimal effort the same way as tablespaces are.
  • Shorter runtimes (unload), less disk space, better security with minimal resource consumption
  • No extra effort for key management


The solution

  • Files are compressed and encrypted by the FLAM® subsystem when written and decrypted and decompressed when read.
  • During reading, just the records requested are returned by our access method and only a small segment of the offline file is decrypted and decompressed.
  • Compression helps cutting the amount of file-I/O which improves speed primarily with the unload process.
  • The FLAM® subsystem can use via ICSF the same key as the IBM encryption tool is using for the table spaces. But it is also possible to protect each file with a different key whereby this key may be a passphrase or a clear, protected, or secure key of the ICSF.
  • Integration is absolutely transparent to the applications (tools) and is done in the DD statement for a file.

Our added value

  • A simple started task in the background and inserting the SUBSYS directive into the DD statement compresses and encrypts critical data.
  • Using CPACF and ICSF for encryption minimizes CPU usage and simplifies key management.
  • Extremely efficient compression algorithms that are faster than file I/O cut runtimes.
  • Integration of compression and encryption as a subsystem into z/OS is only possible with FLAM®.