Service locations

BMC's Helix services are hosted from various regional locations. Each customer's service location is dependent on various factors such as environment type, proximity of the customer to the data location, and customer sector (public versus private).

This topic contains the following information:

Service locations and compliance

BMC is committed to offering its services from facilities that meet or exceed the rigorous standards and compliance requirements of our customers. The following table summarizes the key compliance and certification types available from each location.

BMC has partnered with IBM for a seamless integration to its BMC Helix Virtual Agent and Cognitive Automation services. IBM Watson Assistant and Discovery capabilities are provided from the location listed. 

View by: 

BMC Cloud locations

U.S. FedRAMP locations

AWS locations

Azure location

Definitions

Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) program is a public-facing registry of security and privacy controls that includes a comprehensive self-assessment of a company's security posture for their cloud offerings. This program offers third-party auditing and certification processes, as well as automated auditing options.

FedRAMP - Federal Risk and Authorization Management Program is a US federal agency-specific process for assessing and authorizing federal cloud computing products and services. FedRAMP consists of a subset of National Institute of Standards and Technology Special Publication (NIST SP) 800-53 security controls specifically selected to provide protection in cloud environments. BMC's FedRAMP certification is defined for the Federal Information Processing Standards (FIPS) 199 Moderate impact level. 

ISAE 3402 - International Standard on Assurance Engagements No. 3402 was developed to provide an international assurance standard for allowing public accountants to issue a report for use by user organizations and their auditors on the controls at a service organization that are likely to impact or be a part of the user organization’s system of internal control over financial reporting.  

ISO 9001 - International Organization for Standardization 9001 sets criteria for a quality management system. Based on a number of quality management principles, this certification assesses customer focus and helps ensure that customers get consistent, good quality products and services.

ISO 14001 - International Organization for Standardization 14001 certifies that a company's environmental policies, protocols and procedures meet a standard whereby impact to the environment is minimized.  

ISO 27001 - International Organization for Standardization 27001 is a specification for an information security management system. This system is an approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.

ISO 27017 / 27018 - International Organization for Standardization 27017 and 27018 are cloud-based compliance frameworks for information security controls and privacy protection, respectively. 

ISO 50001 - International Organization for Standardization 50001 specifies requirements for establishing, implementing and maintaining and improving an energy management system, whose purpose is to enable an organization to follow a systematic approach in achieving continual improvement of energy performance. It includes energy efficiency, energy use and consumption.

ISO 9001 - International Organization for Standardization 9001 defines criteria for a company's quality management system.

OHSAS 18001 - Occupational Health and Safety Management Systems is an international unified approach for the requirements of an occupational health and safety management system. It is a British Standard that exists to help organizations put in place demonstrably sound occupational health and safety performance.

PCI DSS - The Payment Card Industry Data Security Standard is a proprietary information security standard for organizations that handle branded credit cards from the major credit card companies. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually.

SSAE 18 - Statement on Standards for Attestation Engagements (SSAE) No. 18, also referred to as a Service Organization Controls (SOC) 1 report, is an auditing standard for service organizations and serves as the authoritative guidance for reporting. It was drafted with the intention and purpose of updating the US service organization reporting standard so that it mirrors and complies with the international service organization reporting standard ISAE 3402. See also Third party audit for BMC's SSAE 18 SOC 2 Type II accreditation for the services.

Tier III Certification of Design Documents - As certified by Uptime Institute, tier certification is a performance-based evaluation of a data center's specific infrastructure. The first step in the certification process is the Tier Certification of Design Documents (TCDD) designation. To obtain the TCDD compliance level, Uptime Institute reviews all design documents, ensuring each subsystem among electrical, mechanical, monitoring and automation meet the fundamental concepts.

Service location features

Each BMC-controlled service location adheres to the following minimum standards: