Case Study: Continuous Compliance Across IT Systems

Download Now

To download this white paper you’ll need an Infosecurity Magazine account. Log in or sign up below.

Log in
Sign up

Get up-to-the-minute news and opinions, plus access to a wide assortment of Information Security resources that will keep you current and informed.

This will be used to identify you if you take part in our online comments.

Your password should:

  • be at least eight characters long
  • be no more than 25 characters long
  • contain at least one uppercase, lowercase and special character
  • contain at least one digit
  • only contain alphanumeric characters or ~!@#$%^&*()_-+=?.

For more information explaining how we use your information please see our privacy policy.

By registering you agree with our terms and conditions.

While Capital is not an acquiring bank or merchant, the company must comply with multiple regulatory standards required by its clients. These standards include the Payment Card Industry Data Security Standard (PCI), the Office of the Comptroller of the Currency (OCC), the Statement on Auditing Standards No. 70 (SAS 70), and the Gramm-Leach-Bliley Act (GLBA).

CAPITAL's IT organization has followed the typical path of a growing company, expanding its infrastructure and capabilities to support an increasing customer base. But fast growth can often result in IT being too busy to implement standard practices, such as ITIL, and some organizations lack the tools necessary to track changes and satisfy the auditors.

This case study, provided by Tripwire, reports on how Capital utilized configuration control to ensure automated continuous compliance across its IT systems. The end result was Capital achieved and maintained compliance with various regulations (including PCI), reducing time and costs associated with audits; decreased unplanned work by 75%; and improved integrity and discipline of change and release management processes.

Should you download this content your information may be shared with the sponsors indicated above. Please see Infosecurity Magazine’s privacy policy for more information.