
    To view the latest information for BMC Helix services and policies, go to BMC Helix Subscriber Information.


    BMC's OnDemand solutions are hosted from various regional data centers. Each customer's data center location is dependent on various factors such as environment type, proximity of the customer to the data center, and customer sector (public versus private).


    Note

    BMC supports the data residency requirements of its customers through the initial selection of the data center location. Once selected, data remains within the primary and secondary data centers of that location.

    Data center locations and compliance

    BMC is committed to offering its services from facilities that meet or exceed the rigorous standards and compliance requirements of our customers. The following table summarizes the key compliance and certification types available from each data center.

     

    | Data center location | Role | Site | Data center compliance types |
    |---|---|---|---|
    | U.S. Commercial A and U.S. Public Sector | Primary | Elk Grove Village, IL | SSAE 16, ISO 27001, PCI DSS |
    | U.S. Commercial A and U.S. Public Sector | Secondary | Chicago, IL | SSAE 16, ISO 27001, PCI DSS |
    | U.S. Commercial A and U.S. Public Sector | Backup | Santa Clara, CA | SSAE 16, ISO 27001, PCI DSS |
    | U.S. Commercial B | Primary | Santa Clara, CA | SSAE 16, ISO 27001, PCI DSS |
    | U.S. Commercial B | Secondary | San Jose, CA | SSAE 16, ISO 27001, PCI DSS |
    | U.S. Commercial B | Backup | Chicago, IL | SSAE 16, ISO 27001, PCI DSS |
    | U.S. FedRAMP | Primary | U.S. East coast | SSAE 16, ISO 27001 |
    | U.S. FedRAMP | Secondary | U.S. East coast | SSAE 16, ISO 27001 |
    | European Union | Primary | Amsterdam, The Netherlands | SSAE 16, ISO 27001, ISO 50001, ISO 14001, ISO 9001, OHSAS 18001, PCI DSS |
    | European Union | Secondary | Amsterdam, The Netherlands | SSAE 16, ISO 27001, ISO 50001, ISO 14001, ISO 9001, OHSAS 18001, PCI DSS |
    | European Union | Backup | Zwolle, The Netherlands | SSAE 16, ISO 27001, ISO 50001, ISO 14001, ISO 9001, OHSAS 18001, PCI DSS |
    | United Kingdom | Primary | London, U.K. | ISO 27001, ISO 50001, ISO 14001, ISO 9001, OHSAS 18001, PCI DSS |
    | United Kingdom | Secondary | Slough, U.K. | ISO 27001, ISO 50001, ISO 14001, ISO 9001, OHSAS 18001, PCI DSS |
    | Canada | Primary | Toronto, Ontario | SSAE 16 / ISAE 3402, ISO 27001 |
    | Canada | Secondary | Mississauga, Ontario | SSAE 16 / ISAE 3402, ISO 27001 |
    | Australia | Primary | Sydney, NSW | ISO 27001, PCI DSS, Tier III Certification of Design Documents |
    | Australia | Secondary | Sydney, NSW | ISO 27001, PCI DSS |

    Definitions

    FedRAMP - Federal Risk and Authorization Management Program is a US federal agency-specific process for assessing and authorizing federal cloud computing products and services. FedRAMP consists of a subset of National Institute of Standards and Technology Special Publication (NIST SP) 800-53 security controls specifically selected to provide protection in cloud environments. BMC's FedRAMP certification is defined for the Federal Information Processing Standards (FIPS) 199 Moderate impact level. 

    ISAE 3402 - International Standard on Assurance Engagements No. 3402 was developed to provide an international assurance standard for allowing public accountants to issue a report for use by user organizations and their auditors on the controls at a service organization that are likely to impact or be a part of the user organization’s system of internal control over financial reporting.  

    ISO 9001 - International Organization for Standardization 9001 sets criteria for a quality management system. Based on a number of quality management principles, this certification assesses customer focus and helps ensure that customers get consistent, good quality products and services.

    ISO 14001 - International Organization for Standardization 14001 certifies that a company's environmental policies, protocols and procedures meet a standard whereby impact to the environment is minimized.  

    ISO 27001 - International Organization for Standardization 27001 is a specification for an information security management system. This system is an approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.

    ISO 50001 - International Organization for Standardization 50001 specifies requirements for establishing, implementing, maintaining, and improving an energy management system, whose purpose is to enable an organization to follow a systematic approach in achieving continual improvement of energy performance. It includes energy efficiency, energy use and consumption.

    OHSAS 18001 - Occupational Health and Safety Management Systems is an international unified approach for the requirements of an occupational health and safety management system. It is a British Standard that exists to help organizations put in place demonstrably sound occupational health and safety performance.

    PCI DSS - The Payment Card Industry Data Security Standard is a proprietary information security standard for organizations that handle branded credit cards from the major credit card companies. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually.

    SSAE 16 - Statement on Standards for Attestation Engagements (SSAE) No. 16, also referred to as a Service Organization Controls (SOC) 1 report, is an auditing standard for service organizations and serves as the authoritative guidance for reporting. It was drafted with the intention and purpose of updating the US service organization reporting standard so that it mirrors and complies with the international service organization reporting standard ISAE 3402. See also Third party audit for BMC's SSAE 16 SOC 2 Type II accreditation for the services.

    Tier III Certification of Design Documents - As certified by Uptime Institute, tier certification is a performance-based evaluation of a data center's specific infrastructure. The first step in the certification process is the Tier Certification of Design Documents (TCDD) designation. To obtain the TCDD compliance level, Uptime Institute reviews all design documents, ensuring that each subsystem (electrical, mechanical, monitoring, and automation) meets the fundamental concepts.

    Data center features

    Each BMC-controlled data center adheres to the following minimum standards:

     Features
    Site characteristics
    • Built to Tier III design specifications
    • Raised floor and/or overhead cable management systems
    Security
    • Security framework: based on the NIST SP 800-53 standards at a Moderate level
    • Guarded 24 hours a day, 7 days a week
    • Card access or biometrics access
    • Multilevel security card readers with battery backup
    • Closed-circuit television (CCTV) surveillance
    • Automated building monitoring system that oversees facility power, environment, and backup systems
    • Perimeter fence and gate controls 
    Communications
    • FIPS 140-2 compliant cryptographic ciphers
    • Engineered with redundant network equipment, switches, links, and carriers, ensuring high availability and performance
    • Network backbone speeds are based on Gigabit Ethernet and 10-gigabit. Switches and routers have dual power supplies and failover LAN cards.
    • Redundant high speed internet links with multiple carriers for primary sites
    • Redundant firewalls
    Electrical and mechanical systems
    • N+1 power infrastructure
    • Redundant grids
    • Mirrored, fully redundant uninterruptible power supply systems (UPS)
    • Redundant diesel generators
    • Redundant power distribution units
    • Redundant chillers, cooling towers or water pumps
    • Redundant packaged heating and air conditioning units
    • Multizone, dry-pipe sprinkler and smoke-detector system with VESDA; water-detection system
    • On-site emergency diesel fuel