Compliance / Configuration
BladeLogic
Sarbanes-Oxley Section 404
BladeLogic allows IT organizations to implement a comprehensive IT Control infrastructure that can plan, test, deploy, and track changes within their environment.
With BladeLogic, IT organizations can answer questions such as:
- What has changed?
- Who made the change?
- Was the change authorized?
- Did the change have the intended effect?
- What actions should the organization take to ensure compliance?
- What evidence can be provided to the auditors?
ITIL
ITIL assists in developing a process-driven approach to IT Service Management. The best practices of ITIL focus on integrating the people, processes, and tools within an organization to deliver a variety of management functions. ITIL provides guidance on linking specific management processes across various organizations through a business-oriented approach.
ITIL's broad objectives are to:
- Align IT Services with their business requirements
- Provide a holistic approach to managing services
- Provide means to deliver and support services at a justifiable cost
- Allow IT organizations to tailor ITIL's best practice guidelines for their specific business needs
Instituting ITIL provides a strong foundation for implementing and expediting compliance controls for regulatory and security policies.
BladeLogic supports ITIL for both Configuration Management and Release Management.
PCI
Consumers, trading partners, regulators, legislators and shareholders are all demanding that any organization that accepts credit card payments comply with the credit card industry’s PCI DSS (Payment Card Industry Data Security Standard). Companies that fail to protect consumer data stand to lose millions of dollars in fines, lost sales, reduced shareholder value and squandered customer confidence.
While most organizations realize PCI is a business requirement, few realize that the key to compliance lies in doing a good job in everyday systems management. That’s because compliance isn’t an event but a process, one that requires gathering, tracking and analyzing a vast amount of information that changes frequently. If a company does a good job automating, standardizing, and monitoring systems configuration, change management and access control, it can comply not only with the PCI data security requirements but also with other critical regulations, and do a more cost-effective job meeting its service-level agreements for application performance and reliability.
How BladeLogic Helps Organizations Meet Key PCI Requirements
BladeLogic Operations Manager enables system administrators charged with ensuring PCI compliance to automatically make the required system-level and system-wide configuration changes, to audit systems to ensure they do not drift out of compliance, and to automatically (wherever possible) remediate unauthorized or non-compliant changes. Specifically, BladeLogic Operations Manager allows IT organizations to meet key PCI requirements, such as:
- Build and Maintain a Secure Network
- Maintain a Vulnerability Management Program
- Restrict Access to Data on the Basis of a Business Need-to-Know
- Assign a Unique ID to Each Person Who Has Computer Access
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy