Resilience, Availability and Compliance
By David Brattain | Posted 2009-03-06
Elavon developed a robust, integrated approach to IT management that facilitates business change, regulatory compliance and cost control.
Given the role of our IT systems in such a critical revenue-generating and customer-facing process, resilience and availability are essential. We must be able to respond immediately to prevent an IT issue from becoming a critical problem. To provide this proactive response, our Systems & Technology (S&T) organization needs 24/7 visibility into the company’s infrastructure, as well as solid processes for change, release, problem and asset management.
Poor performance in any of these core areas can quickly affect IT availability and overall business continuity. Change and release management are particularly important, since we develop our own applications for use both internally and externally. We have to manage millions of lines of code both in our environment and in external payment solutions. This requires an enormous level of source code management in terms of updates, changes and fixes—sometimes as many as 500 per month.
Ensuring that software is changed and released correctly is essential for safeguarding customer service and meeting regulatory compliance. As a financial services organization, Elavon must adhere to a range of industry and international rules. Compliance with the Payment Card Industry (PCI) Data Security Standards is particularly important because failure to demonstrate the correct procedures can prevent a company from processing transactions. Any compliance contravention could be very damaging for us and our parent company, U.S. Bank, the sixth largest commercial bank in the United States.
To ensure compliance with PCI and other regulations, we need to be able to:
• Demonstrate a separation of duties in the change management process
• Eliminate cron jobs (which execute commands at specific dates and times) from our operating environment
• Provide an audit trail of any systems changes
• Demonstrate our approach to problem management
• Protect confidential customer cardholder information
• Ensure the security of every one of our transactions.