Navigation * Home / Solutions / Tripwire Change Auditing solutions

Tripwire Change Auditing solutions

Tripwire Change Auditing solutions go beyond basic change and configuration management tools to provide independent detective controls. They also deliver the objective reporting you need to close the loop on change. Detect changes. Respond appropriately. And gain the proof you need for satisfying compliance and security requirements.

Tripwire's change auditing solutions address industry and regulatory issues you confront daily. Through a potent combination of software and professional services, Tripwire independently verifies infrastructure and process integrity through detecting, reconciling and reporting the changes - desired and undesired - that happen throughout your enterprise. Learn how our industry and regulatory expertise helps you manage change.

"Tripwire is one of our most valuable tools to assure once and future compliance" - Barak Engel, Chief Security Officer, InStorecard.

Regulations with strict guidelines increasingly demand accountability for information, system, and process integrity. Tripwire integrates all-inclusive change auditing practices into operations, simplifying compliance with the regulations that govern your industry.

An Ironclad Defense: Detective Control

Tripwire provides what auditors call a detective control. It delivers the hard evidence of IT change auditing that auditors want. Tripwire gives you:

• Automated change control that isn't susceptible to human error or lapses in judgment

• Broad infrastructure coverage of changes on servers, workstations and network devices, including changes made both manually or by automated tools

• Independent evidence of change through perfect segregation of duties - the person or tool that made the change is not used to validate the change

Sarbanes-Oxley Act (SOX)

Section 404 of the Sarbanes-Oxley Act of 2002 holds CEOs and CFOs of publicly held companies responsible for the accuracy of financial statements and financial information issued by their companies and for explaining their internal financial control procedures. Tripwire solutions integrate change auditing practices into your IT operations, verifying and reinforcing controls to demonstrate Sarbanes-Oxley 404 compliance.

Gramm-Leach-Bliley Act (GLBA)

For the financial services industry, GLBA responds to the implications of online banking, e-commerce, electronic records, and the need to secure customer records. GLBA requires banks to protect customer privacy and prove compliance. As a result, system integrity and intrusion detection, coupled with a way to quickly remedy compromises, form the foundation of a bank's IT compliance policies and procedures. Tripwire change auditing solutions provide proven capabilities for meeting GLBA intrusion detection and remediation requirements.

VISA CISP/PCI

Credit Card merchants and service providers who process, store or transmit cardholder data face responsibility for establishing internal and external controls as mandated by the Card Holder Information Security Plan (CISP), or face fines and expulsion.

Tripwire solutions can help organizations achieve PCI regulatory compliance - specifically in the areas of "File Integrity Monitoring," firewall/router security compliance monitoring, and IT change control. Tripwire ensures alerts of modification of critical files, appropriate and timely response to specific personnel in the event of changes, and performance of critical file checks, on a daily (or more frequent) basis. Tripwire change auditing solutions can also maintain a record of all integrity checks and detected violations for use in audits, investigations, and historical reference.

US FDA 21 CFR Part 11 Regulations

Designed with the healthcare industry in mind, the US FDA 21 CFR Part 11 regulations outline criteria for accepting electronic records and electronic signatures as equivalent to paper-based records and handwritten signatures. FDA 21 CFR Part 11 also provides guidelines for documenting and validating authorized change processes to systems and software involved in the creation of electronic documents. Tripwire solutions enable IT groups to close the loop in their IT change management processes.

Health Insurance Portability & Accounting Act (HIPAA) | Regulatory compliance solutions

This initiative is designed to protect the confidentiality and integrity of electronic personal health information. Organisations rely on Tripwire IT change auditing software to help:

• Establish controls for HIPAA application and data analysis, and access authorization and modification
• Record information system activity
• Develop HIPAA security policies that pass HIPAA security compliance audits
• Conduct testing
• Assess risk management practices

Using Tripwire change auditing solutions, healthcare organizations can establish HIPAA security policies and controls that instill accountability throughout their health information systems.

ISO 17799

ISO 17799 is a detailed security standard and a comprehensive set of controls comprising best practices in information security. Organizations that achieve ISO 17799 certification not only prove their commitment to secure operations, they also significantly improve risk management. ISO 17790 is organized into 10 sections that describe best practices for Business Continuity Planning, System Access Control, System Development and Maintenance, Physical and Environmental Security, Compliance, Personnel Security, Security Organization, Computer and Operations Management, Asset Classification and Control, and Security Policies. Tripwire change auditing solutions form the foundation of best practices management for your IT operations.

If you would like to contact a member of our consultancy team today please either telephone or email;

Tel: +44 (0) 1622 812333
Email: consult@bii-compliance.com