This topic outlines the policy for handling data in the BMC OnDemand solutions.
The BMC commitment to data privacy, integrity, and security is published at www.bmc.com/legal/privacy.
Customer data is any data that you enter into the system during on-boarding activities and normal use of services. This data can contain information that should be managed as sensitive data. For example, in the health care industry, Personal Health Information (PHI) is considered sensitive data. BMC manages sensitive customer data by using the following guidelines:
- Strong physical security mechanisms are in place at all BMC OnDemand facilities based on SSAE16 (or equivalent) certified data centers. See Data center overview for additional details.
- All external solution traffic is secured using encryption.
- You are allocated a dedicated environment that leverages virtualization for the mid tier and application server components.
- Your database is dedicated to your data (data is not mixed among customers).
- The infrastructure and applications are configured in line with security standards, using a hardening process to reduce security vulnerabilities.
- Monitoring is in place to alert you to any suspected or actual data breaches.
- Periodic penetration tests are performed to identify any potential or actual security issues.
- The operational and support organizations employ the separation of duties security principle to ensure that only the resources required to support the solution have access to specific data.
- Periodic internal and external security audits are run on the systems to identify any vulnerabilities.