From the Security Experts

April 19, 2010

Bertucci Corp. Leverages Tripwire's Compliance Automation Software for PCI and Privacy Regulation Compliance

By SIP Trunking Report Contributor

IT security and compliance automation solutions provider Tripwire Inc. announced that Bertucci’s Corporation has purchased the company’s compliance automation software, Enterprise, to meet and maintain the international information security standards set by the Payment Card Industry Data Security Standard (PCI DSS) and by the Massachusetts Privacy Regulation 201 CMR 17.

Bertucci’s Corp. operates more than 90 restaurants in ten states and the District of Columbia. According to the company, it processes in excess of 3,795,847 card transactions per month. As a result, it is required to conform to the regulatory standards intended to protect customer data.

The Bertucci’s restaurants located in New England must also comply with Mass 201 CMR 17, a regulation that mandates strong controls to protect personally identifiable information and breach notifications for Massachusetts residents.

In this regard, Bertucci’s Corp. was required to ensure that its IT systems were capable of handling sensitive credit card data. By purchasing Tripwire’s configuration security and compliance automation software, Enterprise, Bertucci’s restaurants are now able to safeguard customer data by proactively maintaining security, regulatory, and operational compliance.

According to Tripwire, its Enterprise compliance automation software addresses both the PCI specification and the Mass privacy regulation with enhanced file integrity monitoring in real time. It does this by identifying undesirable, unauthorized change that puts the infrastructure, and therefore cardholder data and other personally identifiable information, at risk. Each such change is highlighted as unauthorized or non-compliant in an online, configurable dashboard for quick, easy investigation and remediation.

Offering a single source for detecting, analyzing and reporting all change across the entire IT infrastructure, the Tripwire Enterprise solution allows users themselves to specify how frequently to monitor for change. The software can even check for change on an event-driven basis.

In addition, the Tripwire Enterprise solution comes with policy templates. These templates assess relevant configurations across physical and virtual infrastructure, alerting administrators to settings that are out of line with compliance requirements. Furthermore, once the configurations have been adjusted, Tripwire’s file integrity monitoring ensures compliance by issuing automatic alerts about any suspect change activity.

Kevin Quinlan, senior IT director at Bertucci’s, said, “Bertucci’s Corporation needed a solution that would address multiple compliance requirements. Tripwire Enterprise’s proactive configuration assessment monitors changes to our systems affected by PCI and, by detecting and reporting any unauthorized changes, ensures that any issues are immediately brought to our attention.”

“With Tripwire Enterprise, we have been able to easily and cost effectively achieve and maintain PCI compliance. Additionally, Tripwire was ahead of other vendors in addressing Mass 201 and even had specific policies that we could use right out of the box,” Quinlan added.

Jayashree Adkoli is a contributing editor for TMCnet.

Edited by Kelly McGuire