Contact

z/OS Security Server (RACF)

At BCL, we design, implement, and operate RACF as the authoritative security layer for z/OS. Our goal is straightforward: protect system resources, simplify administration, and align controls with audit and compliance requirements, without slowing the business.

Contact

About z/OS Security Server (RACF)

z/OS Security Server (RACF) is the control point for protecting resources on IBM Z. It defines who can access which datasets, transactions, and subsystems, and enforces those decisions consistently across the platform. As organizations connect mainframe workloads to distributed networks and Internet-facing services, RACF provides the policy framework, auditing, and integration hooks needed to keep security strong while maintaining operational speed.

RACF continues to evolve as a central security suite for protecting enterprise resources on z/OS and retains relevance in hybrid, open environments, including DCE-based integrations. BCL’s security consulting is focused exclusively on System z, reflecting our platform specialization.

Why Security on System z Matters

Strong security policies for System z networks and Internet connections are essential. With many third-party security suites available, the most valuable time is often spent defining and documenting your own policies and requirements. BCL helps plan and implement these controls so your environment remains protected, no matter which enterprise-compatible firewall or application you use.

Why RACF on z/OS

Single control point
RACF centralizes identities, roles, and permissions so every protected dataset, resource, and subsystem follows one set of policies that are consistent, auditable, and easy to govern at scale.

Open-systems relevance
 RACF participates in hybrid and open contexts—including DCE—so you can extend access controls across distributed touchpoints without weakening mainframe-grade security.

Operational efficiency
Well-designed RACF class structures, naming standards, and administration procedures reduce daily overhead, minimize policy drift, and make change control and audits straightforward.

Ecosystem alignment
RACF provides the expected interfaces and control points for IBM platforms such as CICS Transaction Server, as well as many third-party products, so application security maps cleanly to enterprise policies.

Why RACF on z/OS

Single control point
RACF centralizes identities, roles, and permissions so every protected dataset, resource, and subsystem follows one set of policies that are consistent, auditable, and easy to govern at scale.

Open-systems relevance
 RACF participates in hybrid and open contexts—including DCE—so you can extend access controls across distributed touchpoints without weakening mainframe-grade security.

Operational efficiency
Well-designed RACF class structures, naming standards, and administration procedures reduce daily overhead, minimize policy drift, and make change control and audits straightforward.

Ecosystem alignment
RACF provides the expected interfaces and control points for IBM platforms such as CICS Transaction Server, as well as many third-party products, so application security maps cleanly to enterprise policies.

Why Choose BCL

BCL pairs deep IBM Z expertise with practical, end-to-end delivery. Our consultants understand RACF policy design, class usage, UNIX System Services (USS) segments, and product integrations. We have delivered many z/OS security solutions, and we’ll assess your current environment and provide a plan to design, implement, and operate RACF in a way that’s secure, auditable, and simple to run day-to-day.

Get Started

Contact us today to get started or to learn more about our Mainframe Consolidation services.

Contact

Client Stories

Chief Information Officer, State Government Agency

“BCL helped us modernize our legacy systems without disrupting critical citizen services. Their team’s responsiveness and deep understanding of the public sector’s compliance landscape made them an invaluable partner. We’ve gained scalability, security, and budget efficiency — all without compromising service delivery.”

Director of IT Operations, Federal Defense Contractor

“Our mission-critical operations demand zero downtime and uncompromised security. BCL delivered exactly that. Their mainframe-as-a-service platform met all our strict security standards, while offering the agility we need to evolve. Their team feels like an extension of our own.”

VP of Technology, Regional Insurance Carrier

“Our core systems are built on decades of mainframe investment, and we needed a partner who could modernize without breaking what works. BCL delivered a seamless migration and now manages our infrastructure with the uptime and compliance we demand. We’ve saved costs and gained peace of mind.”

CTO, Private University

“BCL helped us move off aging hardware and into a cloud-based environment that better supports our student services and administrative needs. Their support team is incredibly responsive, and we’ve dramatically reduced our IT overhead while improving system performance.”

CIO, University Hospital

“We needed to secure patient data, modernize our clinical and claims systems, and ensure HIPAA compliance — all within tight timelines. BCL delivered a fully managed mainframe solution that exceeded expectations. Their technical depth and healthcare expertise made them the ideal partner.”

Head of IT, Global Logistics Firm

“Our supply chain systems depend on reliability and performance. BCL transitioned us from a legacy on-prem setup to a managed mainframe environment with zero disruption. We’re now more agile, with better visibility and uptime — and none of the hardware headaches.”

Frequently Asked Questions

What is Mainframe as a Service (MFaaS)?

Mainframe as a Service (MFaaS) is a fully managed service that delivers mainframe computing capabilities via the cloud or hybrid infrastructure. Instead of owning and maintaining expensive on-premise mainframes, clients can access secure, scalable, and high-performance mainframe resources on a subscription basis.

What types of workloads can run on your MFaaS platform?

We support a wide range of critical workloads, including:

  • Batch and transactional processing
  • COBOL, PL/I, and Assembler applications
  • CICS, IMS, and DB2 environments
  • z/OS, z/VM, VSE, and other IBM mainframe operating systems
  • Third-party tools and legacy applications

Whether you’re in finance, healthcare, government, or retail, we can handle your enterprise-class workloads.

How secure is your MFaaS solution?

Security is our top priority. Our MFaaS environments are hosted in SOC 2 Type II, ISO 27001, and/or FedRAMP-compliant data centers. We implement:

  • 24/7 monitoring and incident response
  • Role-based access controls (RBAC)
  • Encryption at rest and in transit
  • Multi-factor authentication (MFA)
  • Data backup and disaster recovery protocols

We also support compliance with HIPAA, PCI-DSS, GDPR, and other regulatory frameworks.

What are the benefits of moving to MFaaS?
  • Cost Optimization – Avoid capital expenditures (CapEx) and only pay for what you use
  • Scalability – Rapidly scale resources up or down as your business needs change
  • Reduced Risk – Leverage our redundancy, uptime SLAs, and disaster recovery plans
  • Operational Efficiency – Free your internal teams to focus on innovation, not infrastructure
  • Access to Expertise – Get direct access to senior mainframe engineers and modernization architects
Can you help us migrate from our current on-premise mainframe?

Absolutely. We provide end-to-end migration services including:

  • Discovery and assessment of your existing environment
  • Migration planning and risk mitigation
  • Data transfer and application validation
  • Cutover planning and post-migration support

We’ve completed dozens of successful migrations with minimal disruption.

How is MFaaS priced?

Our pricing is transparent and consumption-based. It typically includes:

  • Infrastructure usage (CPU, memory, storage, network)
  • Software licensing and support
  • Managed services (monitoring, patching, backups, etc.)
  • Optional services (disaster recovery, modernization, etc.)

We tailor packages to each client’s specific needs to maximize value and efficiency.

Do you offer support for legacy applications and modernization initiatives?

Yes. We specialize in maintaining legacy systems while enabling a path toward modernization. Services include:

  • Application refactoring or rehosting
  • Interface/API development
  • Integration with cloud-native services
  • Hybrid cloud enablement
Where is your infrastructure located?

We operate multiple secure, geographically redundant data centers across North America, ensuring business continuity, high availability, and compliance with data residency requirements. On-premise and hybrid hosting models are also available.

Who are your typical clients?

Our clients include mid-sized to large enterprises, government agencies, and service providers in:

  • Financial Services and Insurance
  • Healthcare
  • State and Local Government
  • Defense
  • Education
  • Logistics & Manufacturing

They rely on us for mission-critical uptime, operational excellence, and deep mainframe expertise.

How do I get started?

It’s simple:

  1. Contact us for an initial consultation
  2. We’ll assess your current environment and business goals
  3. You’ll receive a customized proposal and migration plan
  4. Once approved, we’ll begin onboarding and transition

Our team will guide you every step of the way.

Back

Mainframe Services

BCL Mainframe Services will help you better align IT services to business priorities by lowering the cost of operating and maintaining your own on-premise Enterprise Server. By teaming with BCL services you get a Managed Service Provider that is skilled & experienced in delivering IBM mainframe system services, custom fit for purpose to meet your needs.