While Capital is not an acquiring bank or merchant, the company must comply with multiple regulatory standards required by its clients. These standards include the Payment Card Industry Data Security Standard (PCI), the Office of the Comptroller of the Currency (OCC), the Statement on Auditing Standards No. 70 (SAS 70), and the Gramm-Leach-Bliley Act (GLBA).
CAPITAL's IT organization has followed the typical path of a growing company, expanding its infrastructure and capabilities to support an increasing customer base. But fast growth can often result in IT being too busy to implement standard practices, such as ITIL, and some organizations lack the tools necessary to track changes and satisfy the auditors.
This case study, provided by Tripwire, reports on how Capital utilized configuration control to ensure automated continuous compliance across its IT systems. The end result was Capital achieved and maintained compliance with various regulations (including PCI), reducing time and costs associated with audits; decreased unplanned work by 75%; and improved integrity and discipline of change and release management processes.
Download Now
To download this white paper you’ll need an Infosecurity Magazine account. Log in or sign up below.
Should you download this content your information may be shared with the sponsors indicated above. Please see Infosecurity Magazine’s privacy policy for more information.