Skip to Content

GrC Customer responsibilities

The following is a list of the customer's general obligations to cooperate. The further sections name specific duties to cooperate in relation to the service. The obligations to cooperate listed here are not to be understood as exhaustive.

  • The customer shall support Materna in the provision of the contractual services to an appropriate extent.
  • The customer shall keep the access data provided to it secret and ensure that any employees to whom access data is provided do likewise.

Setup of a Site2Site VPN connection

The customer must have a VPN gateway and provide personnel to plan and execute the VPN connection setup together with Materna specialists.

Setup of BMC Helix Client Gateway

The customer must provide a VM on which the Kaazing client can be installed. The VM must be able to communicate via the Internet. Customer's personnel needs to be involved to plan and execute the connection setup together with Materna specialists.

Configuration of the BMC Helix applications

The customer is provided with a usable but not filled BMC Helix system. With regard to use, configuration, data imports, etc., the responsibility lies with the customer.

Customization of BMC Helix applications

In case of customizing BMC Helix ITSM the described procedure from chapter Application Change Management (Staging) in this document applies. The customer remains responsible for customizations to the standard and is obligated to perform necessary tests (analogous to the RACI matrix shown). Customizations must generally be implemented according to the best practices and recommendations of the manufacturer BMC.

Secure passwords

Since the applications are accessible from the Internet, the customer and its employees are obliged to use secure passwords. This is especially relevant due to the fact that the customer receives accounts with an admin profile that could change the default settings for password rules. Materna recommends the following rules, but the customer's actual password policies may differ:

  • Technical prevention of password reuse
  • Intelligent account blocking in case of multiple failed authentication attempts
  • Password length of at least twelve characters
  • Combination of several character types (lowercase, uppercase, digits, special characters)

Access to customer environments and data

In order for Materna to be able to fulfill its contractual obligations with regard to the operation and support of the service, the customer accepts that Materna personnel are authorized to access the customer's data only as required to deliver the SaaS.

The imperative of data separation

Materna logically separates production environments from test or development environments in order to prevent unauthorized access to customer data, the spread of malware or changes to system components. Data from production environments is not used in test or development environments in order not to jeopardize their confidentiality.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Helix Subscriber Information