Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Continuous compliance

Cloud computing gives you the freedom to choose the right mix of internally and externally provided services that best meet your business requirements. Before you send a service to a public cloud, however, you must consider the compliance requirements associated with that service. Although at first glance, it may appear that you should "just say no" to outsourcing any service that is under regulatory compliance, this approach limits your flexibility in creating the optimum combination of internal and external services. Keep in mind that public cloud providers are continually improving their security and compliance capabilities, making it feasible to offload more services to the public cloud. If you keep your options open, you will be able to take advantage of additional opportunities in the public cloud as they emerge.

Note

Regardless of whether you are in the healthcare, finance, retail, or any other industry, you must make sure your organization meets the regulatory, operational, and security gold standards established for compliance in your industry.

Both IT and the businesses it supports feel the acute pain of service disruptions resulting from problematic changes, and both constantly worry about the accuracy and impact of changes — not knowing whether a change will disrupt service, impact the quality of the service, or result in non-compliance. The ability to keep pace with changes as they come in, the pain of manual processes, and a lack of confidence in up-to-date documentation are all concerns to both IT and the business.

In a cloud infrastructure, it's even harder to convince yourself that you've checked all the boxes and dotted all the i(s). That's why automation is so important — as well as closed-loop compliance on both configuration and regulatory policies.

Manual and disconnected processes add to the risk of errors, non-compliance, and delays, resulting in a drain on both staff and budget resources. To minimize these risks, you need automated solutions that integrate across organizational silos, processes, and tools to manage the entire change and release process — from initiation to validation.

Key steps to continuous compliance include:

  • Enforce regulatory, operational, and security compliance
  • Facilitate auditing
  • Integrate change management

BMC delivers change and release management solutions that control who can make a change, how that change is approved, when it is deployed, and whether it was successful — all according to policy. Our solutions automate change controls, process orchestration, and change execution, including handoffs across silos, with a level of integration unmatched in the industry.

BMC Cloud Lifecycle Management will help you provide compliance through BMC Automation solutions, while also managing your cloud environment through a policy-based Service Governor. Similarly, BMC Remedy IT Service Management Suite will track and verify all changes to the cloud environment and individual cloud services.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*