From a “60,000 foot view,” BAS looks like a software development company focused on automating employee benefits enrollment and administration. However, a deep dive into BAS’ operations will uncover an organization committed to data security and IT best-practices. Toward this end, BAS utilizes many tools to help it continually monitor its systems for threats, risks and non-compliance. It also implements corrective security controls that automatically remediate issues.
One platform on which BAS’ IT department depends is its Tripwire VIA, which provides unprecedented controls for change management and log management. One feature, in particular, is the Tripwire file integrity monitoring (“FIM”), which BAS uses to establish a known-and-trusted state based on BAS’ polices, standards and compliance requirements.
“It only takes one accidental, misguided, undocumented or even malicious change to undermine the state of any organization’s systems and turn integrity into uncertainty”1. BAS’ implementation of Tripwire’s File Integrity Manager enables BAS to find, assess and act on changes as rapidly as they may occur. It assures ongoing system integrity and automates detecting, auditing and reconciling changes across hundreds of pieces of equipment and servers.
BAS' commitment begins with a comprehensive implementation of Tripwire that gives BAS’ personnel the necessary tools to monitor critical changes throughout its systems. Additionally, BAS has committed the personnel to develop advanced competency with this tool and the organizational support to continually expand Tripwire further into and across its networks.
Though all of this may sound like “Greek” to many readers, BAS’ change management practices are, in part, its ongoing and dedicated effort to comply with HIPAA HITECH security rules and other security compliance requirements.