Page tree
Skip to end of metadata
Go to start of metadata

BMC's Helix services are hosted from various regional locations. Each customer's service location is dependent on various factors such as environment type, proximity of the customer to the data location, and customer sector (public versus private).

This topic contains the following information:

Note

BMC supports the data residency requirements of its customers through the initial selection of a service location. Once selected, data remains within the primary and secondary locations for that service. Customers who purchase services that utilize the IBM Watson features may have select data transferred to/from the corresponding IBM service location.

Service locations and compliance

BMC is committed to offering its services from facilities that meet or exceed the rigorous standards and compliance requirements of our customers. The following table summarizes the key compliance and certification types available from each location.

BMC has partnered with IBM for a seamless integration to its BMC Helix Virtual Agent and Cognitive Automation services. IBM Watson Assistant and Discovery capabilities are provided from the location listed. 

View by: 

BMC Cloud locations

U.S. FedRAMP locations

AWS locations

Azure location

Location notice


*Note that services utilizing IBM Watson capabilities may have data stored outside of the country of the primary service location.

** Note that services utilizing the Jitterbit platform may have data processed outside of the country of the primary service location.


Service Location

Primary

Secondary

Backup (if applicable)


Data Center Compliance Types


Services Available


*IBM Service Location


**Jitterbit Service Location

Primary

Secondary

U.S. Commercial A and

U.S. Public Sector

Elk Grove Village, IL

Chicago, IL

Santa Clara, CA

 


SSAE 18, ISO 27001, PCI DSS

SSAE 18, ISO 27001, PCI DSS

SSAE 18, ISO 27001, PCI DSS



BMC Helix ITSM

BMC Helix Digital Workplace Basic

BMC Helix Digital Workplace Advanced

BMC Helix Custom Applications

BMC Helix Premium Connector

BMC Helix Cognitive Automation

BMC Helix Cognitive Search

BMC Helix Virtual Agent - Standard Capacity

BMC Helix Virtual Agent - Premium Capacity

BMC Helix Business Workflows

BMC Helix Multi-Cloud Broker

BMC Helix Client Management

BMC Helix iPaaS

Dallas, TX

North America (NA)

U.S. East Coast Virginia

U.S. West Coast Oregon


European Union

Amsterdam, The Netherlands

Amsterdam, The Netherlands


 

SSAE 18, ISO 27001, ISO 50001, ISO 14001, ISO 9001, OHSAS 18001, PCI DSS

SSAE 18, ISO 27001, ISO 50001, ISO 14001, ISO 9001, OHSAS 18001, PCI DSS


BMC Helix ITSM

BMC Helix Digital Workplace Basic

BMC Helix Digital Workplace Advanced

BMC Helix Custom Applications

BMC Helix Premium Connector

BMC Helix Cognitive Automation

BMC Helix Cognitive Search

BMC Helix Virtual Agent - Standard Capacity

BMC Helix Virtual Agent - Premium Capacity

BMC Helix Business Workflows

BMC Helix Multi-Cloud Broker

BMC Helix Client Management

BMC Helix iPaaS

BMC Helix Cloud Cost

BMC Helix Cloud Security

BMC Helix Capacity Optimization (all options)

BMC Helix Operations Management

Frankfurt, Germany

EMEA

Dublin, Ireland

Frankfurt, Germany

United Kingdom

London, U.K.

Slough, U.K.

 

ISO 27001, ISO 50001, ISO 14001, ISO 9001, OHSAS 18001, PCI DSS

ISO 27001, ISO 50001, ISO 14001, ISO 9001, OHSAS 18001, PCI DSS

BMC Helix ITSM

BMC Helix Digital Workplace Basic

BMC Helix Digital Workplace Advanced

BMC Helix Custom Applications

BMC Helix Premium Connector

BMC Helix Cognitive Automation

BMC Helix Cognitive Search

BMC Helix Virtual Agent - Standard Capacity

BMC Helix Virtual Agent - Premium Capacity

BMC Helix Business Workflows

BMC Helix Multi-Cloud Broker

Frankfurt, Germany

EMEA

Dublin, Ireland

Frankfurt, Germany


AWS U.S. FedRAMP

Service Location

Primary

Secondary

Data Center Compliance TypesServices Available

U.S. FedRAMP

U.S. East coast

U.S. East coast


SSAE 18, ISO 27001

SSAE 18, ISO 27001

BMC Helix ITSM

BMC Helix Digital Workplace Basic

BMC Helix Digital Workplace Advanced

BMC Helix Custom Applications

BMC Helix Premium Connector

BMC Helix Business Workflows

BMC Helix Multi-Cloud Broker

U.S. FedRAMP GovCloud

(DoD Impact Level 4)

U.S. East coast

U.S. East coast


SSAE 18, ISO 27001

SSAE 18, ISO 27001

BMC Helix ITSM

BMC Helix Digital Workplace Basic

BMC Helix Digital Workplace Advanced

BMC Helix Custom Applications

BMC Helix Premium Connector

BMC Helix Business Workflows

BMC Helix Multi-Cloud Broker

Service Location

Data Center Compliance Types

Services Available

*IBM Service Location

**Jitterbit Service Location

Primary

Secondary

U.S. Commercial A AWS

Portland, OR


ISO 27001

BMC Helix ITSM

BMC Helix Digital Workplace Basic

BMC Helix Digital Workplace Advanced

BMC Helix Custom Applications

BMC Helix Premium Connector

BMC Helix Cognitive Automation

BMC Helix Cognitive Search

BMC Helix Virtual Agent - Standard Capacity

BMC Helix Virtual Agent - Premium Capacity

BMC Helix Business Workflows

BMC Helix Multi-Cloud Broker

BMC Helix Discovery

BMC Helix iPaaS

Dallas, TX

North America (NA)

U.S. East Coast Virginia

U.S. West Coast Oregon

U.S. Commercial B AWS

U.S. East Coast


ISO 27001

BMC Helix Cloud Cost

BMC Helix Cloud Security

BMC Helix Vulnerability Management

BMC Helix Operations Management



Canada AWS

Montréal, Québec


ISO 27001

BMC Helix ITSM

BMC Helix Digital Workplace Basic

BMC Helix Digital Workplace Advanced

BMC Helix Custom Applications

BMC Helix Premium Connector

BMC Helix Cognitive Automation

BMC Helix Cognitive Search

BMC Helix Virtual Agent - Standard Capacity

BMC Helix Virtual Agent - Premium Capacity

BMC Helix Business Workflows

BMC Helix Multi-Cloud Broker

BMC Helix iPaaS

BMC Helix Operations Management

Dallas, TX


North America (NA)

U.S. East Coast Virginia

U.S. West Coast Oregon


Asia Pacific AWS

Singapore


ISO 27001

BMC Helix ITSM

BMC Helix Digital Workplace Basic

BMC Helix Digital Workplace Advanced

BMC Helix Custom Applications

BMC Helix Premium Connector

BMC Helix Cognitive Automation

BMC Helix Cognitive Search

BMC Helix Virtual Agent - Standard Capacity

BMC Helix Virtual Agent - Premium Capacity

BMC Helix Business Workflows

BMC Helix Multi-Cloud Broker

BMC Helix iPaaS

BMC Helix Operations Management

Frankfurt, Germany

Asia Pacific (APAC)

Sydney, NSW

Singapore, Malaysia


Germany AWS

Frankfurt, Germany


ISO 27001

BMC Helix ITSM

BMC Helix Digital Workplace Basic

BMC Helix Digital Workplace Advanced

BMC Helix Custom Applications

BMC Helix Premium Connector

BMC Helix Cognitive Automation

BMC Helix Cognitive Search

BMC Helix Virtual Agent - Standard Capacity

BMC Helix Virtual Agent - Premium Capacity

BMC Helix Business Workflows

BMC Helix Multi-Cloud Broker

BMC Helix iPaaS

BMC Helix Capacity Optimization (all options)

Frankfurt, Germany

EMEA

Dublin, Ireland

Frankfurt, Germany

Brazil AWS

São Paulo, Brazil


ISO 27001

BMC Helix ITSM

BMC Helix Digital Workplace Basic

BMC Helix Digital Workplace Advanced

BMC Helix Custom Applications

BMC Helix Premium Connector

BMC Helix Cognitive Automation

BMC Helix Cognitive Search

BMC Helix Virtual Agent - Standard Capacity

BMC Helix Virtual Agent - Premium Capacity

BMC Helix Business Workflows

BMC Helix Multi-Cloud Broker

BMC Helix iPaaS

Dallas, TX

North America

U.S. East Coast Virginia

U.S. West Coast Oregon

South Africa AWSISO 27001

BMC Helix ITSM

BMC Helix Digital Workplace Basic

BMC Helix Digital Workplace Advanced

BMC Helix Custom Applications

BMC Helix Premium Connector

BMC Helix Cognitive Automation

BMC Helix Cognitive Search

BMC Helix Virtual Agent - Standard Capacity

BMC Helix Virtual Agent - Premium Capacity

BMC Helix Business Workflows

BMC Helix Multi-Cloud Broker

BMC Helix iPaaS

Frankfurt, Germany

EMEA

Dublin, Ireland

Frankfurt, Germany

Australia AWS

Sydney, NSW

ISO 27001

BMC Helix ITSM

BMC Helix Digital Workplace Basic

BMC Helix Digital Workplace Advanced

BMC Helix Custom Applications

BMC Helix Premium Connector

BMC Helix Cognitive Automation

BMC Helix Cognitive Search

BMC Helix Virtual Agent - Standard Capacity

BMC Helix Virtual Agent - Premium Capacity

BMC Helix Business Workflows

BMC Helix Multi-Cloud Broker

BMC Helix Discovery

BMC Helix iPaaS

Frankfurt, Germany

Asia Pacific (APAC)

Sydney, NSW

Singapore, Malaysia


European Union AWS

Dublin, Ireland


ISO 27001

BMC Helix Discovery

BMC Helix Operations Management



Service Location

Primary

Secondary

Data Center Compliance Types

Services Available

*IBM Service Location

**Jitterbit Service Location

Primary

Secondary

United Arab Emirates (UAE) Azure

Dubai (UAE North)

Abu Dhabi (UAE Central)

SSAE 18 SOC 1, SOC 2 and SOC 3

ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 9001

PCI DSS



BMC Helix ITSM

BMC Helix Digital Workplace Basic

BMC Helix Digital Workplace Advanced

BMC Helix Custom Applications

BMC Helix Premium Connector

BMC Helix Cognitive Automation

BMC Helix Cognitive Search

BMC Helix Virtual Agent - Standard Capacity

BMC Helix Virtual Agent - Premium Capacity

BMC Helix Business Workflows

BMC Helix Multi-Cloud Broker

BMC Helix iPaaS

Frankfurt, Germany



EMEA

Dublin, Ireland

Frankfurt, Germany




Definitions

Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) program is a public-facing registry of security and privacy controls that includes a comprehensive self-assessment of a company's security posture for their cloud offerings. This program offers third-party auditing and certification processes, as well as automated auditing options.

FedRAMP - Federal Risk and Authorization Management Program is a US federal agency-specific process for assessing and authorizing federal cloud computing products and services. FedRAMP consists of a subset of National Institute of Standards and Technology Special Publication (NIST SP) 800-53 security controls specifically selected to provide protection in cloud environments. BMC's FedRAMP certification is defined for the Federal Information Processing Standards (FIPS) 199 Moderate impact level. 

ISAE 3402 - International Standard on Assurance Engagements No. 3402 was developed to provide an international assurance standard for allowing public accountants to issue a report for use by user organizations and their auditors on the controls at a service organization that are likely to impact or be a part of the user organization’s system of internal control over financial reporting.  

ISO 9001 - International Organization for Standardization 9001 sets criteria for a quality management system. Based on a number of quality management principles, this certification assesses customer focus and helps ensure that customers get consistent, good quality products and services.

ISO 14001 - International Organization for Standardization 14001 certifies that a company's environmental policies, protocols and procedures meet a standard whereby impact to the environment is minimized.  

ISO 27001 - International Organization for Standardization 27001 is a specification for an information security management system. This system is an approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.

ISO 27017 / 27018 - International Organization for Standardization 27017 and 27018 are cloud-based compliance frameworks for information security controls and privacy protection, respectively. 

ISO 50001 - International Organization for Standardization 50001 specifies requirements for establishing, implementing and maintaining and improving an energy management system, whose purpose is to enable an organization to follow a systematic approach in achieving continual improvement of energy performance. It includes energy efficiency, energy use and consumption.

ISO 9001 - International Organization for Standardization 9001 defines criteria for a company's quality management system.

OHSAS 18001 - Occupational Health and Safety Management Systems is an international unified approach for the requirements of an occupational health and safety management system. It is a British Standard that exists to help organizations put in place demonstrably sound occupational health and safety performance.

PCI DSS - The Payment Card Industry Data Security Standard is a proprietary information security standard for organizations that handle branded credit cards from the major credit card companies. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually.

SSAE 18 - Statement on Standards for Attestation Engagements (SSAE) No. 18, also referred to as a Service Organization Controls (SOC) 1 report, is an auditing standard for service organizations and serves as the authoritative guidance for reporting. It was drafted with the intention and purpose of updating the US service organization reporting standard so that it mirrors and complies with the international service organization reporting standard ISAE 3402. See also Third party audit for BMC's SSAE 18 SOC 2 Type II accreditation for the services.

Tier III Certification of Design Documents - As certified by Uptime Institute, tier certification is a performance-based evaluation of a data center's specific infrastructure. The first step in the certification process is the Tier Certification of Design Documents (TCDD) designation. To obtain the TCDD compliance level, Uptime Institute reviews all design documents, ensuring each subsystem among electrical, mechanical, monitoring and automation meet the fundamental concepts.

Service location features

Each BMC-controlled service location adheres to the following minimum standards:

 Features
Site characteristics
  • Built to Tier III design specifications
  • Raised floor and/or overhead cable management systems
Security
  • Security framework: based on the NIST SP 800-53 standards at a Moderate level
  • Guarded 24 hours a day, 7 days a week
  • Card access or biometrics access
  • Multilevel security card readers with battery backup
  • Closed-circuit television (CCTV) surveillance
  • Automated building monitoring system that oversees facility power, environment, and backup systems
  • Perimeter fence and gate controls 
Communications
  • FIPS 140-2 compliant cryptographic ciphers
  • Engineered with redundant network equipment, switches, links, and carriers, ensuring high availability and performance
  • Backbone speeds of the network are based on Gigabit Ethernet and 10-gigabit. Switches and routers have dual power supplies and failover LAN cards.
  • Redundant high speed internet links with multiple carriers for primary sites
  • Redundant firewalls
Electrical and mechanical systems
  • N+1 power infrastructure
  • Redundant grids
  • Mirrored, fully redundant uninterruptible power supply systems (UPS)
  • Redundant diesel generators
  • Redundant power distribution units
  • Redundant chillers, cooling towers or water pumps
  • Redundant packaged heating and air conditioning units
  • Multizone, dry-pipe sprinkler and smoke-detector system with VESDA; water-detection system
  • On-site emergency diesel fuel

6 Comments

  1.  

    1.  

  2.  

    1.  

  3.  

    1.