Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Case Study: Continuous Compliance Across IT Systems

Download Now

To download this white paper you’ll need an Infosecurity Magazine account. Log in or sign up for yours below.

Log In

Sign Up

Get up-to-the-minute news and opinions, plus access to a wide assortment of Information Security resources that will keep you current and informed.

This will be used to identify you if you take part in out online comments.
Your password should be at least six characters long. It is case sensitive. Passwords can only consist of alphanumeric characters or ~!@#$%^&*()_-+=?.

By registering you agree with our terms and conditions and privacy policy.

While Capital is not an acquiring bank or merchant, the company must comply with multiple regulatory standards required by its clients. These standards include the Payment Card Industry Data Security Standard (PCI), the Office of the Comptroller of the Currency (OCC), the Statement on Auditing Standards No. 70 (SAS 70), and the Gramm-Leach-Bliley Act (GLBA).

CAPITAL's IT organization has followed the typical path of a growing company, expanding its infrastructure and capabilities to support an increasing customer base. But fast growth can often result in IT being too busy to implement standard practices, such as ITIL, and some organizations lack the tools necessary to track changes and satisfy the auditors.

This case study, provided by Tripwire, reports on how Capital utilized configuration control to ensure automated continuous compliance across its IT systems. The end result was Capital achieved and maintained compliance with various regulations (including PCI), reducing time and costs associated with audits; decreased unplanned work by 75%; and improved integrity and discipline of change and release management processes.