cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
474
Views
0
Helpful
2
Replies

PCI Compliance with Tidal Scheduler

Cheri Dixon
Level 1
Level 1

Looking for information on how Tidal is treated/mitigated within PCI environments within banks and retailers.

2 Replies 2

Todd Clayton
Level 1
Level 1

We're going through a PCI compliance audit right now, and TIDAL is out of scope. 

(We're a wireless telecom.)

 

Michelle Morris
Level 1
Level 1

At a company I worked for, Tidal was in-scope as it ran jobs on in-scope applications.  We had to show how security policies were setup to prevent unauthorized Tidal users from accessing those jobs or the agent/adapter.  We had to show what our procedure was for adding and deleting interactive users.  We had to show that alerts were generated for job failures for those applications, show how we entered the incidents in our ticketing system.  And then show how we responded to the incident and what our resolution was.

 

I did a couple of things to help with the process.  One was to require an agent/adapter was defined on each job, not inherited to ease showing auditors what job was running on what system (I know this one might generate comments.  I was over-cautious since it was a financial audit.  6.x also improves searching).  The second was that we were required to keep a full fiscal year up to the time of the audit, so I built a process to copy data to a Tidal_Archive database that I built.  That way my production database stayed small, but I still had the history (alerts, operator actions, logs, events) for review.

 

Hope that helps,

Michelle

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: