Fortra Meets IT Security Needs for Napa Recycling and Waste Services


Napa Recycling and Waste Services (NRWS) provides recycling and waste collection to businesses and residents in the City of Napa and southern unincorporated Napa County. The entire county, with 90 percent of its agricultural land devoted to viticulture, is home to more than three hundred wineries in the Napa Valley, and is one of the top wine producing areas of the United States. In addition, the wine industry attracts as many as five million visitors each year. Since its founding in 2005 in this environment, NRWS has expanded its service offerings from recycling and waste collection to handling construction debris, and has acquiring garbage processing and composting facilities.

NRWS sustainability services impact both the tourism and wine industry. For example, the organic compost from Napa’s yard waste and grape pomace produces 40,000 tons of organic fertilizer annually which is sold back to a host of customers, including wholesale and retail nurseries. Also, NRWS bought 300,000 wine bottles collected by users in the last six months, which they recycled and sold to the winemakers for reuse. NRWS’s sustainable efforts have already reached beyond the 50% recycling goals set forth by California law, and has set new goals for 75% sustainability.

The Challenge

Softpak, a commercial software vendor with software designed for the waste management industry, provides customer service and online distribution capabilities, as well as container tracking and accounts receivable functions, for its client base.

Mike Murray, Chief Financial Officer of NRWS, is responsible for the company’s IT systems and financial reporting. He recently oversaw an SAS (Statement on Auditing Standards) 70 audit, an in-depth audit which includes the examination of controls over IT and related processes, essential when service providers process data belonging to their customers.

“NRWS passed the SAS 70 with flying colors, except for its procedures and processes security relating to transactions,” said Murray. He knew he needed to find a solution for this problem and asked for a recommendation for a firm specializing in security policy compliance management.

The Solution

A business partner suggested assessment software and security services provided by Fortra. Murray asked for a detailed plan for remediating and instituting a new security architecture. This involved a comprehensive vulnerability assessment, followed by an onsite visit. An expert member of the security team personally took Murray through the steps of identifying current processes and users, and determining the level of access required for all users. She recommended Risk Assessor and Policy Minder for IBM i. The tools were essential for remediating and instituting a new plan for Napa Recycling to make the sure the configurations met Napa Recycling’s requirements. The tools also provide reports as proof to the auditors that the users and system continue to be configured properly.

Risk Assessor

This risk assessment software analyzes more than 100 risk points, providing comprehensive answers to the “why, what and how” of a risk assessment.

Policy Minder for IBM i

This software automates security policy compliance and delivers comprehensive security administration functionality, reducing the hours of labor intensive analysis required in the compliance process.

The Results

“We were able to address our auditor’s concerns by fixing the problems identified by the Fortra,” Murray stated. “We have taken protective measures so that our transaction systems now meet the PCI Security Council Standards to proactively protect customer account data.”

“I was very comfortable with the team from the beginning,” Murray continued. “They walked me through the processes involved in assessing the current system and identifying the problem, and provided a roadmap and user training documents. It was easy to work with them and they made the changes solid and painless.”

Let's Get Started

See how Policy Minder can help you document and manage your IBM i security policy.