BMC Helix Control-M Data Handling policy

This topic outlines the policy for handling data in the BMC Helix Control-M service.

Customer data is any data that you enter into the system during onboarding activities and normal use of services.  BMC manages sensitive customer data by using the following guidelines:

• Customers retain ownership of their data at all times.
• All external solution traffic over the web is secured using encryption.
• Database schemas are completely segregated, with a dedicated schema per customer.
• The infrastructure and applications are configured to account for security standards using a hardening process to reduce security vulnerabilities.
• Monitoring is in place to alert of any suspected or actual data breaches.
• Periodic penetration tests are performed to identify any potential or actual security issues.
• The operational and support organizations employ the separation of duties security principle to ensure that only the resources required to support the solution have access to specific data.
• Periodic internal and external security audits are run on the systems to identify any vulnerabilities.

See also the information under Security.