Skip to main content

Jira ↔ BMC Remedy Integration — Vendor Due Diligence

A Comparative Due-Diligence Analysis for Bi-Directional Jira ↔ BMC Remedy Integration

Vendors evaluated: ZigiOps · Exalate · Unito · BMC Helix iPaaS (Jitterbit)

Prepared: 2026-04-30

Scope. This document evaluates productized integration platforms for bi-directional synchronization between Atlassian Jira (Cloud, Server, Data Center; Software and JSM) and BMC Remedy / BMC Helix ITSM. Other systems (ServiceNow, Salesforce, Azure DevOps, monitoring tools) appear in vendor capability matrices for context but are not the primary integration target.

Disclaimer. This document is independent research based exclusively on publicly available sources. No conversations, briefings, demos, or NDA-protected materials have been exchanged with any of the four vendors evaluated. This research was not commissioned, sponsored, or reviewed by any vendor. Vendor offerings, pricing, and compliance posture in actual procurement may differ from the public record; all findings should be confirmed with the vendor directly before signing.

TL;DR

Four vendors evaluated; two ship a productized BMC Remedy connector — the shortlist reduces to BMC Helix iPaaS and ZigiOps

  • Of the three third-party alternatives, only ZigiOps ships a productized Jira ↔ BMC Remedy connector (Atlassian Marketplace app 1221587). Exalate and Unito do not have a BMC Remedy connector at all. The shortlist reduces to BMC Helix iPaaS vs ZigiOps.
  • BMC Helix iPaaS (Jitterbit-powered) is the only first-party, BMC-accountable option. Helix ↔ Jira (Software and JSM) is one of three documented OOTB BMC iPaaS templates. Full iPaaS capability (API Manager, 200+ connectors, on-prem Private Agents), enterprise support, and FedRAMP Moderate ATO on the BMC Helix layer. It is also the most expensive of the four and has the steepest learning curve.
  • ZigiOps is materially cheaper, no-code for templated Jira ↔ Remedy patterns, on-prem-capable, and bundles implementation. It is a third-party ISV without first-party BMC accountability and lacks iPaaS-grade ETL/API/orchestration capability. Its Atlassian Marketplace listing for the BMC Remedy connector was last updated 2022-08-02 — a meaningful supplier-risk signal for a Jira-side procurement.
  • The choice between them depends on integration scope and roadmap. Narrow Jira ↔ Remedy ticket-sync scope favors ZigiOps; broader integration roadmap (HR/AD, ERP/CMDB, future API-led services) and federal/regulated workloads favor BMC Helix iPaaS.
  • Exalate is excluded on native-connector grounds. Exalate is a strong product for Jira ↔ Jira cross-company and Jira ↔ ServiceNow synchronization, but does not ship a BMC Remedy connector. In Exalate’s own community forum (2020-08-14), CEO and co-founder Francis Martens states BMC Remedy support is “possible as a custom project” — not productized.
  • Unito is excluded on native-connector grounds. Its 67-connector catalog contains zero BMC products; Unito is not a BMC partner; the product is positioned for work-management sync (Jira ↔ Asana patterns), not enterprise ITSM integration with BMC Remedy.

Verification Methodology

Sources used: vendor websites and product documentation, marketplace listings (BMC, OpenText ITOM, Atlassian), regulatory registries (FedRAMP Marketplace, Belgium KBO/CBE, Corporations Canada, Bulgarian Commercial Register), analyst placements (Gartner Magic Quadrant, Forrester Wave, Info-Tech / SoftwareReviews, Nucleus Research), customer-review platforms (G2, Capterra, TrustRadius, Gartner Peer Insights), public press releases and trade-press coverage, and Wayback Machine snapshots for historical claims. No vendor was contacted in the course of this research.

Every non-trivial factual claim carries a verification tag:

  • [VERIFIED] — confirmed against a first-party vendor page, official documentation, or regulator/marketplace listing, with a URL cited inline.
  • [VENDOR CLAIM] — stated by the vendor in marketing or sales collateral but not independently corroborated. Treated as provisional.
  • [BIASED SOURCE] — sourced from a competitor’s comparison page. Used only when the claim is not in dispute and no cleaner source was available.
  • [UNVERIFIED] — could not be confirmed from any reliable public source; flagged explicitly rather than asserted.

A consolidated list of unverified items appears in the appendix.

At-A-Glance Verdict Matrix

ZigiOpsExalateUnitoBMC Helix iPaaS
Native Jira ↔ BMC Remedy connectorYes [VERIFIED] (Atlassian Marketplace 1221587)No [VERIFIED]No [VERIFIED]Yes [VERIFIED] (BMC OOTB template)
Atlassian Marketplace presence (Jira side)Listed; last updated 2022-08-02; no Partner tier badgeGold Partner; 4,101 installs; last updated 2025-12-17 (Jira ↔ Jira / ServiceNow product)Listed for Jira (work-management connectors only)N/A (BMC owns the contract; no Atlassian Marketplace app)
BMC partner statusSelf-described BMC partner [UNVERIFIED tier]None [VERIFIED absent from integrations docs]None [VERIFIED absent from integrations docs]First-party OEM [VERIFIED]
On-prem deployment optionYes (Windows / Linux / self-hosted)Yes (DC node for Jira DC, ServiceNow on-prem)No (SaaS only, AWS US)Yes (Private Agents in customer network)
Pre-built Jira ↔ Remedy templatesIncident, Change, CMDB/Atrium, work notesN/A — no Remedy connectorN/A — no Remedy connectorHelix ITSM ↔ Jira (Software and JSM); plus ServiceNow, Salesforce, Azure DevOps, CMDB federation
Pricing transparencyQuote-only; reseller floor ≈ $500/mo per pairPublic pricing ladder; free tierPublic pricing ladder; no free tierQuote-only
Shortlist statusQualified — narrow scopeExcluded — no connectorExcluded — no connectorQualified — broad scope

Architectural Paradigms — What These Tools Actually Are

Before comparing vendors, distinguish the two product categories in play.

Point-to-point synchronization platforms — ZigiOps, Exalate, Unito — are designed to keep records aligned across two systems. Their primary job is bi-directional field mapping, conflict resolution, and loop prevention. They excel at “Incident 1234 in Remedy mirrors Ticket INC-567 in ServiceNow” patterns. They are not general-purpose orchestration tools and they do not ship API management, ETL tooling, or event-stream processing.

Integration Platform as a Service (iPaaS) — BMC Helix iPaaS (Jitterbit), MuleSoft, Workato — are full integration platforms. They do bi-directional sync, but they also do ETL, API management, event-driven orchestration, hybrid SaaS-plus-on-prem bridging, and broad application coverage (ERP, HR, finance, CRM). The tradeoff is complexity and cost: iPaaS platforms are more capable and more expensive.

Pick a point-to-point tool if the integration requirement is narrow, well-defined, and unlikely to expand. Pick an iPaaS if you anticipate integration surface growth beyond ITSM — HR-to-AD provisioning, CMDB-to-asset-system federation, ERP bridging, API-led architecture for new services.

Exalate — Evaluated and Excluded (No Native BMC Connector)

Headline: Exalate does not ship a native connector for BMC Remedy, BMC Helix ITSM, or BMC AR System. This is the dispositive finding and it is confirmed by three independent signals.

The Three Signals

  1. Exalate’s integrations page and supported-connectors documentation list no BMC product. [VERIFIED 2026-04-22] via https://exalate.com/integrations/ and https://docs.exalate.com/docs/exalate-supported-integrations.
  2. Exalate’s own community forum contains a single public thread asking “Any plans to integrate with BMC Remedy?” The response, from Francis Martens (Exalate CEO and co-founder per Crunchbase / exalate.com/who-we-are; the forum post identifies him as “Francis Martens (Exalate)”): “This is possible as a custom project - please contact our sales directly for more details.” The post and reply are both dated 2020-08-14 — over five years old, and the most recent public statement Exalate has made on BMC Remedy. [VERIFIED] via https://community.exalate.com/t/any-plans-to-integrate-with-bmc-remedy/4313. No roadmap commitment exists.
  3. Exalate’s own competitive comparison with ZigiOps credits ZigiOps with BMC Helix/Remedy support and does not claim equivalent coverage for itself. [VERIFIED] via https://exalate.com/blog/zigiops/ [BIASED SOURCE — self-declared competitor comparison, used here only to corroborate the non-support finding].

Company and Product Background

  • Origin (KBO/CBE-verified): The legal entity now known as EXALATE NV (KBO 0834.937.594) was incorporated 2011-03-29 as iDalko in Antwerp, Belgium. The Exalate product was developed inside iDalko; the year of productization is [UNVERIFIED]. On 2023-04-28 the licensing/consulting business of iDalko was acquired by Avisi as a separate transaction; on 2023-05-08 the retained software entity was renamed from iDalko to EXALATE NV. Founders Francis Martens and Hilde Van Brempt remain directors of record. [VERIFIED] via https://kbopub.economie.fgov.be/kbopub/toonondernemingps.html?ondernemingsnummer=0834937594&lang=en, https://siliconcanals.com/news/idalko-and-exalate-to-operate-independently/, and https://exalate.com/who-we-are/.
  • HQ: Antwerp, Belgium.
  • Leadership: Francis Martens (CEO), Hilde Van Brempt (COO), Bruno Dauwe (Head of Product).
  • Scale claims: 2,500+ customers, 8,000+ active installs, “30% of Fortune Top 50.” [VENDOR CLAIM]
  • Center of gravity: Jira-centric (Jira↔Jira cross-company, Jira↔ServiceNow, Jira↔Azure DevOps). ServiceNow is the most mature non-Jira connector.
  • BMC partner status: None. No BMC product appears in Exalate’s integrations or supported-connectors documentation; no BMC Technology Alliance Partnership; no BMC-focused implementation partners in Exalate’s 200+ partner network. [VERIFIED absent from Exalate's own docs] Note: bmc.com/partners/bmc-integrations.html is a product/category hub, not an enumerated ISV directory — its absence is not dispositive. The affirmative absence comes from Exalate’s own product documentation.

What an Exalate-Based BMC Integration Would Actually Look Like

Because no native connector exists, the only paths are:

  1. Exalate Enterprise tier + custom-connector engagement. This is the vendor’s officially acknowledged route per the community forum response. Pricing, timeline, and SLAs are unpublished. [UNVERIFIED]
  2. Generic HTTP client from within Groovy sync scripts. Exalate’s httpClient inside script rules calls arbitrary REST APIs. This means one Exalate node on a supported system (e.g., Jira) with custom Groovy scripts calling Remedy’s REST API. The BMC side has no Exalate presence — no queue, no error retry UI, no replica auditing on the Remedy end. This is a one-sided adapter, not a peer-to-peer Exalate connection. No public evidence anyone has shipped this pattern in production (search of GitHub, Atlassian Community, Reddit, BMC Communities returned zero published implementations).
  3. Partner-built integration. Exalate references 200+ certified partners; none publicly advertise a productized BMC Remedy connector. [UNVERIFIED]

All three paths reduce to bespoke engineering — the opposite of purchasing a productized integration.

Security and Pricing

  • Certifications: ISO/IEC 27001:2022 [VERIFIED] (current revision, BC Certified badge). No public SOC 2 Type II report advertised on exalate.com/security or the Trust Center. [UNVERIFIED]
  • Atlassian Marketplace standing: Exalate’s primary Atlassian Marketplace listing (app 1213645) carries the Gold Marketplace Partner badge with 4,101 installs and active maintenance (last updated 2025-12-17, v4.1.20-AC). Cloud, Server 11.0.0–11.3.4, and Data Center 11.0.0–11.3.4 supported. [VERIFIED 2026-04-30]
  • Architecture: Decentralized node-to-node with single-tenant Exalate Cloud nodes and JWT-signed peer-to-peer messages. This differentiates Exalate in Jira↔Jira cross-company scenarios where neither side trusts the other with config. It is irrelevant for a BMC Remedy scenario where no Exalate node exists on the Remedy side.
  • Security monitoring: NVISO SOC + Palo Alto Cortex MDR EDR [VERIFIED on current security page].
  • Pricing ladder (public): Free Plan (“Free forever — pre-made configuration for basic scenarios”) [VERIFIED across exalate.com/pricing-licensing/ snapshots 2023-2026] · Starter ($100/mo monthly or $85/mo annual, 25 active items) [VERIFIED] · Scale ($325/mo monthly or $280/mo annual, 100 active items) [VERIFIED] · Pro (from $550/mo annual only) [VERIFIED] · Enterprise (custom). Sources: https://exalate.com/pricing-licensing/ and https://exalate.com/pricing/.
  • BMC Remedy is not included in any published tier. Custom-connector engagement requires Enterprise tier. [VERIFIED via comparison of tier connector lists]

Exalate Verdict

Evaluated and excluded as a primary BMC Remedy integration platform. The product does not address the requirement natively and the vendor’s public guidance is to treat it as a custom-build engagement. Exalate is a fit for Jira↔ServiceNow or Jira↔Jira cross-company synchronization — its decentralized architecture and scripting flexibility are strengths in those scenarios — but that is not the requirement here.

Unito — Evaluated and Excluded (No Native BMC Connector)

Headline: Unito does not ship a native BMC Remedy or BMC Helix ITSM connector. Verified against Unito’s own 67-connector catalog on 2026-04-22. Unito is not a BMC partner. Unito’s product is work-management sync (Jira↔Asana patterns), not enterprise ITSM integration.

The Verification

SourceFinding
https://unito.io/connectors/67 connectors. Zero BMC products (verified 2026-04-22). ITSM tools in catalog: ServiceNow, Jira Service Management, Freshservice, Zendesk.
https://unito.io/integrations/No BMC products. No “upcoming” BMC connector.
https://guide.unito.io/integration-documentationNo BMC documentation exists.
Wayback Machine — unito.io/connectors/ 2025-04-0162 connectors then; BMC has never appeared at any captured snapshot.

[VERIFIED 2026-04-22]

Company and Product Background

  • Company: Unito Inc., Montreal, Canada. The current federal CBCA entity (Corporations Canada #11442279) was formed by a 2019 amalgamation of two predecessor corporations. The earlier predecessor was incorporated 2015-04-30; the product launched October 2016 per the About Us page. The “2015 vs 2016” framing is therefore predecessor-incorporation vs product-launch, not a vendor-data inconsistency. Federal jurisdiction (CBCA), Business Number 824064562, registered office in Montreal. [VERIFIED]
  • Funding: ~$33.1M total across pre-seed, seed, Series A, and a $20M Series B in October 2022 led by CDPQ’s Equity 253 fund. [VERIFIED]
  • Customers: HubSpot, HP, Wix, Warner Bros, Logitech, EY, Cornell, MIT, Stanford. [VERIFIED via homepage logo wall] The case-studies page features a different cohort: Atlassian, Coveo, Corpay, B&H Photo.
  • Deployment: SaaS only, AWS US regions. No self-hosted, on-prem, or customer-VPC option. [VERIFIED]
  • Positioning: “No-code, 2-way sync in minutes” for cross-SaaS work-management scenarios. Strengths are Jira↔Asana, Trello↔GitHub, Salesforce↔HubSpot, ServiceNow↔Jira, and similar work-management-to-work-management patterns. Not positioned as an enterprise ITSM integration platform.

Paths to a Unito-Based Remedy Integration (None Are Good)

  1. Commission a custom connector from Unito Professional Services. Pricing and timeline are unpublished. [UNVERIFIED]
  2. Build a private connector on Unito’s Developer Platform (still in early access as of 2026-04-30; originally launched in early access August 2024). Requires the customer to have engineering capacity and Remedy REST/AR API knowledge. This inverts Unito’s entire “no-code, minutes-to-value” positioning.
  3. Broker through a middle tool (e.g., Remedy → ServiceNow via some other mechanism, then ServiceNow ↔ Unito). Architecturally brittle, adds a failure surface, defeats the purpose.

Public Pricing Ladder (Third-Party-Aggregated)

PlanPriceUpdate frequencyNotable gating
Basic$99/mo15-min pollingSingle “hub” tool constraint; basic fields only
Pro$299/mo15-min pollingUnlimited custom fields, sub-items
Business$769/moReal-time (webhook)Unlimited any-to-any connections
EnterpriseCustomReal-timeSSO/SAML, premium/enterprise connectors, on-prem connectors, advanced security

[VERIFIED] via Capterra/GetApp aggregators. Unito’s own pricing page does not publish dollar amounts.

Notable commercial facts:

  • No free tier. 14-day free trial only.
  • Real-time sync is gated to Business tier ($769/mo) and above. Basic and Pro are 15-minute polling — operationally unacceptable for P1 ITSM escalation.
  • ServiceNow, Salesforce, Jira On-Prem, Jira Data Center, Eloqua are Enterprise-only connectors. A hypothetical BMC connector would follow the same Enterprise-tier pattern.
  • Items-in-sync caps per tier are visible only in-app or via sales, not public.

Security and Compliance

  • SOC 2 Type II certified. Public announcement at https://unito.io/blog/unito-soc-2-type-ii/ is from April 2022 (last update May 2023). Current report availability is via trust portal under NDA; the public blog post is ~4 years old. [VERIFIED — public attestation from 2022; current report on request]
  • GDPR compliant. [VERIFIED] SCCs for EU→US transfer and DPA-on-request are not stated on unito.io/security/ or guide.unito.io/how-secure-is-unito. [UNVERIFIED — confirm in procurement]
  • Data residency: AWS US only. No EU, Canadian, or APAC residency option. Hard constraint for customers with residency obligations in those regions. [VERIFIED]
  • HIPAA: Not advertised. [UNVERIFIED] — relevant if Remedy workflows touch PHI.
  • ISO 27001: Not advertised on security page. [UNVERIFIED]
  • SSO/SAML: Enterprise tier only. [VERIFIED]

Unito Verdict

Evaluated and excluded on native-connector grounds. Unito is a competent product in its actual market — cross-SaaS work-management sync — but that is not this use case. The premise of Unito as a BMC Remedy integration tool does not hold up to primary-source verification.

BMC Helix iPaaS (Powered by Jitterbit)

Headline: BMC Helix iPaaS is Jitterbit Harmony, sold and supported by BMC, pre-packaged with BMC-authored connectors and templates for Helix ITSM, Remedy, Discovery, and CMDB. It is the only first-party, BMC-accountable option of the four candidates.

What It Is

  • Relationship: OEM partnership between BMC and Jitterbit announced July 27, 2021 (BMC press release). BMC Helix iPaaS is not a fork — customers receive the same underlying runtime (Cloud Studio, Jitterscript, API Manager, connector catalog) as standard Jitterbit Harmony customers, plus BMC-authored Helix-specific templates and connectors. [VERIFIED]
  • BMC as contracting party: BMC owns the contract, first-line support, and roadmap responsibility for the BMC-specific content. Jitterbit is the runtime provider behind the scenes.

Architecture

BMC Helix iPaaS deployment for Jira ↔ Remedy — on-prem Remedy and Private Agents in the customer network connect outbound to Jitterbit Harmony, which brokers the bi-directional sync to Atlassian Jira (Cloud or Data Center) via the documented OOTB Helix ITSM ↔ Jira template

  • Platform: Jitterbit Harmony, multi-tenant cloud iPaaS on AWS.
  • Cloud Agents: Managed by Jitterbit, used for cloud-to-cloud integrations (Helix SaaS ↔ ServiceNow, Helix SaaS ↔ Salesforce).
  • Private Agents: Customer-deployed (Windows/Linux/Docker) inside the customer network. Outbound-only to Harmony. Required pattern for on-premise BMC Remedy. Can be clustered for HA.
  • Data residency: Multi-region — NA (US), EMEA (EU), APAC. Customers are provisioned in the region matching their Helix tenant. [VERIFY current region list for EMEA/APAC specifics]

BMC Connector Specifics

  • Native BMC Helix / Remedy connector. [VERIFIED] via https://docs.jitterbit.com/integration-studio/design/connectors/bmc-helix-itsm/connection/.
  • Objects supported: Jitterbit’s connector docs name functional categories (Incident Management, Change Management, Problem, Work Order, Known Error). The underlying AR System form codes (HPD:Help Desk, CHG:Infrastructure Change, PBM:Problem, SRM, WOI:WorkOrder, AST:Asset, BMC_BaseElement (CMDB), RKM (Knowledge), HPD:WorkLog) are inferred from generic Remedy AR System knowledge, not enumerated in Jitterbit’s documentation. Attachments via AR System REST. [VERIFIED for functional categories; form codes are inferred]
  • Custom form support: Any AR System form via dynamic metadata discovery in Cloud Studio. [VENDOR CLAIM — feature is not enumerated on the connector connection-page docs cited]
  • Bi-directional mapping: Supported, configured as independent inbound/outbound flows. This is more flexible than a single two-way “sync object” but requires more explicit configuration.
  • Attachments: Supported. Large-attachment handling depends on Private Agent memory sizing.
  • Worklog sync: Supported; multiple BMC-authored templates include worklog propagation.
  • CMDB: CMDB federation and CI sync via Atrium CMDB / Helix CMDB REST. First-class capability — ZigiOps, Exalate, and Unito do not treat CMDB as a first-class object catalog.
  • Helix SaaS vs on-prem Remedy: Connector supports both. On-prem Remedy requires Private Agent deployment inside the customer network; authentication via Remedy credentials or RSSO.

Pre-Built BMC Templates

Documented OOTB templates (BMC docs at https://docs.bmc.com/docs/iPaaS/out-of-the-box-integration-templates-1118400647.html): [VERIFIED]

  • BMC Helix ITSM ↔ ServiceNow (Incidents)
  • BMC Helix ITSM ↔ Jira (Software and JSM)
  • BMC Helix ITSM ↔ Salesforce (Users → Helix People)

Other templates referenced in BMC marketing but not enumerated in the OOTB-templates docs page [VENDOR CLAIM]: Helix ITSM ↔ Microsoft Azure DevOps · Helix Discovery ↔ Helix CMDB federation · Helix ITSM ↔ Teams / Slack notifications · Helix ITSM ↔ SAP (custom-extended). The public docs page does not list them; distribution channel (Jitterbit Marketplace or BMC EPD) is [UNVERIFIED].

Note: https://marketplace.bmc.com now redirects to BMC’s generic integrations hub. BMC-developed templates are distributed via BMC EPD (https://www.bmc.com/support/resources/product-downloads.html), and Jitterbit-side template assets via the standard Jitterbit Marketplace.

Development Model

  • Cloud Studio: Browser-based visual designer. Not a desktop IDE; positioned by Jitterbit as the next-generation alternative to Design Studio. Both coexist; customers choose with guidance from Jitterbit Customer Success. [VERIFIED via Jitterbit docs]
  • Jitterscript: Jitterbit’s proprietary transformation language. Required for any non-trivial transform — conditionals, array manipulation, caching, sub-operation calls, DB lookups. It is a scripting language with a learning curve. Multiple G2/Capterra/TrustRadius/AWS Marketplace reviewers cite “steep learning curve” and “outdated documentation”; Jitterbit University offers paid scripting-specific courses. Developers with JavaScript/PL-SQL backgrounds pick it up faster, but this is not no-code. Plan for dedicated integration developers or Jitterbit-trained partners.
  • API Manager: Built-in API gateway — exposes integrations as managed REST APIs with keys, throttling, and developer portal. Enables “integration-as-an-API” patterns. None of the three alternatives offer this capability.
  • Connector catalog: Jitterbit’s connectors page (https://www.jitterbit.com/connectors/) states “more than 200 connectors” across ERP, CRM, HR, databases, cloud platforms; third-party 2026 reviews (Integrate.io, DCKap) reference 400+. The “500+ connectors” figure circulated in BMC iPaaS marketing is not corroborated by Jitterbit’s page. [VENDOR CLAIM — current vendor page is 200+, not 500+]

Security and Compliance

  • SOC 2 Type II: Maintained (Jitterbit). [VERIFIED via trust.jitterbit.com]
  • ISO/IEC 27001: Maintained. [VERIFIED]
  • HIPAA: BAA available on eligible plans. Verify tier eligibility at procurement. [VERIFIED availability; tier dependencies exist]
  • GDPR: Compliant, EU DPA available.
  • FedRAMP: Jitterbit Harmony itself is not listed on the FedRAMP marketplace as of 2026-04-30. However, BMC Helix is FedRAMP Authorized at Moderate impact (package ID F1510057481, initially authorized 2016-05-05, currently Rev5, 4 authorizations / 3 reuses). For BMC Helix iPaaS workloads that touch a FedRAMP-required boundary, the BMC Helix authorization is the relevant boundary; the iPaaS layer’s status should be confirmed with BMC explicitly during procurement. [VERIFIED] via https://www.fedramp.gov/marketplace/products/F1510057481/. None of ZigiOps, Exalate, or Unito appears in the FedRAMP marketplace.
  • SSO: SAML 2.0 and OIDC. RBAC on projects, environments, and agents.
  • Encryption: TLS 1.2+ in transit; AES-256 at rest for Harmony-stored metadata and logs.
  • Customer-managed keys (BYOK): Historically tier-restricted or limited. [UNVERIFIED for current cycle]

Scalability

Harmony scales horizontally by adding Private Agent Groups and via Harmony auto-scaling for Cloud Agent workloads. Throughput depends on endpoint API limits (Remedy REST rate limits, Helix SaaS throttles), record size, transformation complexity, and agent sizing. Jitterbit publishes directional throughput claims; they are not independently benchmarked. [VENDOR CLAIM] Standard platform SLA is 99.9% uptime; higher tiers available.

Pricing (Directional, Not Quoted)

  • Model: Quote-based. No list prices published.
  • Directional ranges from historical anecdotes (Gartner Peer Insights, reseller listings):
    • Entry: $30K–$50K/year for small deployments
    • Mid-market: $50K–$100K/year
    • Enterprise: $100K–$250K+/year with multi-region, premium support, high message volume
  • BMC Helix iPaaS bundling: Can be an add-on to an existing Helix ELA; the incremental cost depends on the overall BMC commitment.

This is the most expensive of the four options in all realistic scenarios.

Pros

  1. First-party BMC accountability. Single contract, single support path, single roadmap owner. When a Helix upgrade breaks an integration, BMC owns the fix — not a third-party ISV wearing a user hat in a support ticket.
  2. Roadmap alignment. BMC-authored connectors and templates track Helix ITSM releases. Contractual incentive to keep the connector current.
  3. Pre-built Helix templates — accelerators for ServiceNow, Jira, Salesforce, Azure DevOps, CMDB federation.
  4. Full iPaaS, not just ticket sync. Same platform can handle Workday → AD provisioning, SAP → CMDB asset sync, Salesforce → Helix case federation. If the enterprise has integration needs beyond Helix ticket sync, the TCO gap to the alternatives narrows or reverses.
  5. Analyst-recognized iPaaS. Jitterbit Harmony placed as a Visionary in both the 2025 and 2026 Gartner Magic Quadrants for iPaaS — its 12th consecutive year of recognition. Forrester Wave: Integration Platform As A Service, Q3 2025 placed Jitterbit as a Strong Performer (one tier below Leader); Workato, IBM, and Boomi were the Leaders. BMC is not separately evaluated in either Gartner or Forrester. Info-Tech / SoftwareReviews 2026 Data Integration Data Quadrant named Jitterbit a Leader (April 2026); Jitterbit ranked #1 in the G2 Spring 2026 Enterprise Implementation Index. The aggregate picture: customer-favored, but below Leaders in Gartner and Forrester methodology. [VERIFIED]
  6. Enterprise support options — 24/7 Premier, named TAMs on higher tiers.
  7. Private Agent architecture — supports behind-firewall Remedy, on-prem databases, SAP, mainframe adapters.
  8. API Manager included — capability ZigiOps, Exalate, and Unito do not offer.
  9. CMDB as a first-class citizen — differentiator for BMC shops.

Cons

  1. Cost. Highest TCO of the four candidates. For simple bi-directional ticket sync between Helix and one other system, BMC Helix iPaaS is overkill and expensive.
  2. Learning curve. Cloud Studio is visual but not trivial. Jitterscript is a scripting language with paid Jitterbit University courses. Non-trivial transforms require developer skills. ZigiOps (no-code) is easier for business-admin owners of simple flows.
  3. Implementation effort. Initial deployment is 4–12 weeks with BMC PS or a partner. ZigiOps deployments are days to weeks for the same scope.
  4. Overkill for narrow use cases. If the requirement is strictly “sync incidents between Helix and Jira,” ZigiOps delivers the same outcome faster and cheaper.
  5. Quote-based pricing. Reduces transparency. Complicates budget planning and vendor comparison.
  6. Vendor concentration risk. Customers sign with BMC but depend on Jitterbit for the runtime. Any friction in the BMC↔Jitterbit commercial relationship is a customer risk.
  7. No native loop-prevention for bi-directional ticket sync. Must be engineered — via marker fields, external-reference-ID checks, timestamp watermarks. Unito offers this natively. Exalate has structured two-way semantics built in. Jitterbit requires developer-authored loop guards.
  8. Dead-letter queue and replay patterns are custom. Not turnkey.
  9. Customer-managed keys / BYOK is historically tier-restricted; current cycle [UNVERIFIED]. Confirm at procurement.
  10. FedRAMP boundary clarity. BMC Helix has FedRAMP Moderate ATO since 2016-05-05; Jitterbit Harmony itself is not FedRAMP-listed. For federal workloads, confirm with BMC whether the iPaaS layer falls inside the BMC Helix authorization boundary or requires a separate ATO.
  11. Jitterbit ownership/M&A and leadership context. Jitterbit is private-equity-owned: KKR has been a growth investor since 2016 and majority owner since 2018; Audax Private Equity invested in November 2020; senior debt financing was led by Crestline. Recent leadership churn: Bill Conner replaced CEO George Gallegos in February 2024; Luca Taglioretti was named CRO in May 2025; the platform has undergone an AI repositioning (“AI-Infused Harmony Platform,” “Layered AI Architecture”) under Conner. Glassdoor reviews from 2024 reference cost-cutting and US-to-offshore role transfers. The risk vector: PE-owned, debt-financed, leadership-rotating, mid-strategy-pivot. [VERIFIED]

ZigiOps (ZigiWave)

Headline: ZigiOps is the only third-party vendor of the three that ships a productized BMC Remedy connector. It is a narrower-scope, lower-TCO option than BMC Helix iPaaS for bi-directional Remedy sync use cases.

Company and Product

  • Company: ZigiWave (Sofia, Bulgaria), founded 2019. [VERIFIED] via Crunchbase and EU-Startups directory. Bulgarian Commercial Register lookup at portal.registryagency.bg requires interactive search (“ЗИГИУЕЙВ” / “ZIGIWAVE OOD”); exact EIK and day-of-registration require manual lookup.
  • Leadership: Mariya Zasheva (CEO), Idan Harel (Co-founder/Chairman), Avi Koren (Co-founder/CTO). [VERIFIED] via https://zigiwave.com/company
  • Scale claims: 30+ engineers, 100+ customers, “60+ Fortune 500 customers.” [VENDOR CLAIM] Named customers include NASDAQ, FedEx, Delta Dental, TELUS, Schlumberger, Cambia Health, Singtel [VERIFIED via customers page]. Vodafone appears in vendor PR boilerplate but is not on the public customers page [VENDOR CLAIM].
  • Certifications: ISO/IEC 27001 certified October 2022 — but the public security page references ISO/IEC 27001:2013, not the current 2022 revision. ISO/IEC 27001:2013 was superseded by ISO/IEC 27001:2022 with a transition deadline of 2025-10-31, which has passed. The public-facing certification claim is therefore stale; re-certification to the 2022 revision is [UNVERIFIED]. [VERIFIED — vintage flagged] via https://www.zigiwave.com/resources/zigiwave-iso-27001. FIPS 140-2 alignment claimed for config-data encryption; no CMVP certificate number cited. [VENDOR CLAIM]
  • BMC partnership: Historical partner-locator presence is [UNVERIFIED] from current public sources — BMC’s partner-integrations page is a product/category hub, not an enumerated ISV directory, so non-listing is not dispositive. No evidence of BMC Technology Alliance Partner tier. Listed on OpenText ITOM Marketplace at the Partner content tier (support provided by the partner) with a dedicated “ZigiOps for BMC Remedy” listing. [VERIFIED at OpenText] BMC tier status is [UNVERIFIED].

Deployment and Architecture

  • Deployment models: On-prem (Windows/Linux; Java-based installer requiring Oracle Java 17 or OpenJDK 17), SaaS on AWS, or customer-managed cloud. [VERIFIED] via install docs.
  • Architecture: Agentless, stateless, standalone. Outbound API calls only; no agents inside source/target systems. Zero-data-retention for transaction payloads (config data is persisted and encrypted); operates as webhook listener or poller. [VENDOR CLAIM — consistent with public architecture docs]
  • HA: Standby-server model claimed, no published SLA. [UNVERIFIED] for specific uptime guarantees.

BMC Remedy Connector Specifics

  • Authentication: Username/password against Remedy AR user; no public mention of Remedy SSO, Kerberos, or OAuth. [VERIFIED via docs] [GAP: modern SSO patterns unconfirmed]
  • Objects supported: Incident [VERIFIED via docs], Change Request [VERIFIED via docs], Problem [VENDOR CLAIM], Work Order [VENDOR CLAIM], Task [VERIFIED via apps page], Events/Alerts [VERIFIED], CMDB / BMC Atrium CI sync [VENDOR CLAIM — referenced in marketing prose; not enumerated in the structured "Supported Entities" block of the integration-page], Custom forms [VENDOR CLAIM] via schema discovery on the AR System Metadata ARSchema surface.
  • Fields and data types: Text, numeric, date, dropdown, multi-select, checkbox, user/assignee, attachment, custom. Bi-directional. [VERIFIED via apps/integrations pages]
  • Attachments and work notes: Supported, bi-directional. [VERIFIED]
  • Dynamic schema discovery: ZigiOps reads Remedy schemas on connect, so custom fields surface in the mapper without manual scripting. [VENDOR CLAIM — consistent with docs screenshots]
  • Loop prevention: Implemented via correlation fields (e.g., a Jira custom field holding the Remedy request ID). [VERIFIED]
  • Remedy version matrix: Not publicly published. FAQ states only “supports latest versions.” This is a material gap — a Remedy estate on 9.1, 19.x, 20.x, or 22.x should confirm version coverage contractually before signing. [UNVERIFIED]

Sync Features

Real-time (webhook listener) and scheduled polling modes [VERIFIED]. Conditional field mapping and UI-built filters, with optional JS Mapping Expression as the scripting escape hatch [VERIFIED]. No Groovy engine, no public custom-connector SDK, no published script versioning, no dedicated staging/test environment flagged in public docs. These are real limitations relative to Exalate’s scripting engine or Jitterbit’s Cloud Studio — [BIASED SOURCE] Exalate’s competitive comparison flags the same gaps, which corroborates the absence of public developer docs.

Security and Compliance

  • ISO 27001 certified. [VERIFIED]
  • Encryption: TLS 1.3 in transit, FIPS 140-2-aligned at rest for config data. [VENDOR CLAIM]
  • SSO: SAML 2.0 with documented Okta integration. [VERIFIED via docs]
  • SOC 2 Type II: Positioned as a tool that enables customer compliance rather than as a directly audited entity. Not advertised as holding a SOC 2 Type II report. [UNVERIFIED — confirm in procurement]
  • HIPAA: Not advertised as HIPAA-ready with BAA. [UNVERIFIED]
  • Data residency: SaaS region not publicly specified. [UNVERIFIED]
  • Customer data flow: On-prem install keeps all payload data inside customer perimeter. SaaS transits ZigiOps AWS infrastructure but is not persisted. [VERIFIED architecture]

Pricing

  • Model: Annual subscription per system pair (e.g., Remedy ↔ ServiceNow is one pair), not per user or per record. Unlimited data volume within a licensed pair.
  • Bundled: Implementation and support included in the subscription — no separate PS line item. [VERIFIED via FAQ and reseller listings]
  • Quotes only on the website. SourceForge listing floor: $500/month ($6K/year) per pair. SaaSworthy references “$300/month” for a Basic package, last updated 2022-07-21 (~4-year-old data point). [UNVERIFIED for specific scope]
  • Enterprise ACV per pair: Low five figures per pair per year; multi-pair and partner/reseller discounts of 20–50%. [ESTIMATE — triangulated from reseller data, not a vendor quote]

Pros

  1. No-code for standard ITSM-to-ITSM patterns; short time-to-first-sync. Customer reviews confirm this for templated patterns; complex scenarios beyond templates revert to manual configuration.
  2. On-prem deployment keeps data inside customer perimeter — material for regulated-industry Remedy shops.
  3. Flat per-pair pricing avoids per-transaction metering that bites Workato and MuleSoft for high-volume ITSM flows.
  4. Broad monitoring/AIOps connector coverage (Datadog, Dynatrace, Splunk, Prometheus, OpsBridge, AppDynamics, New Relic) is deeper than Jitterbit’s stock library for observability-to-ITSM use cases.
  5. Bundled implementation and support — no separate PS engagement needed for standard patterns.
  6. ISO 27001 certified.

Cons

  1. Opaque Remedy/Helix version support matrix — “latest version” is the only public stance.
  2. Thin review corpus (17 on G2 at 4.8/5, 10 on Capterra at 4.7/5, 2 on Gartner Peer Insights) — ratings are positive but statistically weak.
  3. Sofia-headquartered support footprint; follow-the-sun coverage despite 24/7 marketing claim is [UNVERIFIED].
  4. Limited developer extensibility — no Groovy, no public SDK, no script versioning, no explicit staging/test environment in public docs.
  5. No public throughput SLA, concurrency benchmark, or horizontal scale-out architecture.
  6. Documentation depth is thin for BMC-specific topics beyond Incident and Change. Work Order, Task, Problem, and CMDB flows are marketing-mentioned but not step-by-step-documented.
  7. No verified BMC Technology Alliance Partner tier — third-party ISV, not OEM.
  8. Jira Marketplace listing caps Jira Server at 8.5.5; newer Jira DC 9.x/10.x coverage is unverified in the listing.
  9. Atlassian Marketplace BMC Remedy listing for ZigiOps (app 1221587) was last updated 2022-08-02 (v3.2.2) — 3.5 years stale as of 2026-04. No Marketplace Partner badge on this listing (not Cloud Fortified, no Bronze/Silver/Gold tier). Material supplier-risk signal for the BMC integration use case.

ZigiOps Verdict

Qualified for narrow bi-directional sync (e.g., strictly Remedy ↔ ServiceNow plus monitoring-tool side-channels) when TCO is the primary decision driver. ZigiOps is materially cheaper than BMC Helix iPaaS and its on-prem, zero-data-retention architecture fits regulated Remedy estates. It does not cover broader enterprise integration needs (ETL, API management, ERP/HR/CMDB federation) and it is a third-party ISV rather than a first-party BMC-accountable option.

Comparison Matrices

Matrix 1: Architecture and Capability

ZigiOpsExalateUnitoBMC Helix iPaaS
Native BMC Remedy connectorYesNoNoYes
Core architectureCentralized, statelessDecentralized, single-tenant nodesCentralized hubCentralized control + hybrid Cloud/Private Agents
Config approachNo-code templates + optional JS expressionsGroovy scripting + Aida AI assistNo-code drag-and-dropLow-code visual + Jitterscript
Primary focusObservability + ITSM + ITOMJira/ServiceNow cross-company ITSMWork-management syncEnterprise orchestration, full iPaaS
DeploymentCloud, on-prem, customer-managedCloud, on-prem (DC nodes)SaaS only, AWS USCloud Agents + Private Agents
API ManagementNoneNoneNoneFull API lifecycle suite
Real-time syncYes (webhook + poll)Yes (event-driven)Gated behind Business tier ($769/mo)Yes (real-time + scheduled + event)
CMDB as first-class objectVendor claim (Atrium); not in structured supported-entities blockNoNoYes (CMDB federation native)
Primary limitationLimited developer extensibility, thin docs for non-Incident/Change flowsNo BMC connectorNo BMC connector; US-only residencyHighest cost, steeper learning curve

Matrix 2: Security, Governance, Control

ZigiOpsExalateUnitoBMC Helix iPaaS
Data residencyOn-prem or SaaS; SaaS region unspecifiedCloud single-tenant; EU/US cluster specifics unpublishedAWS US only — hard constraintMulti-region (NA, EMEA, APAC)
ISO/IEC 27001CertifiedCertified (2022)Not advertisedCertified
SOC 2 Type IINot advertisedNot advertisedCertifiedCertified
HIPAA / BAANot advertisedNot advertisedNot advertisedAvailable on eligible plans
FedRAMPNot advertisedNot advertisedNot advertisedBMC Helix Moderate ATO since 2016-05-05 (Jitterbit layer not separately listed)
SSOSAML 2.0 (verified)Limited public docs for admin SSOEnterprise tier onlySAML / OIDC
Cross-company trust boundaryCentralized adminDecentralized autonomous (unique)Centralized adminGranular RBAC, centralized governance
Error handlingActivity-log based, manual reviewSync Queue UI, Resolve & RetryCentralized monitoring UIDashboard + alerts; DLQ is custom build
Test/staging environmentNot publicly documented“Test Run” sandboxingFlow cloningComprehensive lifecycle management

Matrix 3: Commercial and TCO

Directional annual cost comparison — BMC Helix iPaaS $30K–$250K+, ZigiOps $12K–$40K, Exalate and Unito under $10K but excluded

ZigiOpsExalateUnitoBMC Helix iPaaS
Pricing transparencyQuote-only; reseller floor ~$500/mo per pairPublic (Free / Starter / Scale / Pro / Enterprise)Public (Basic / Pro / Business / Enterprise)Quote-only
Pricing modelPer system-pair, flat annual, unlimited volume within pairPer active items in sync (capacity-based)Items-in-sync + feature tierEnterprise capacity / nodes / message volume
Free tierTrial + free PoCYes (Free Plan, pre-made configurations)No — 14-day trial onlyNo
Directional annual costLow-five-figures per pair; multi-pair discountsStarter $1.2K · Scale $3.4K · Pro $6.6K+ · Enterprise customBasic $1.2K · Pro $3.6K · Business $9.2K · Enterprise custom$30K–$250K+/year
Hidden cost vectorsEach new system-pair = new licenseStale ITIL tickets drain active-item capacityReal-time sync + premium connectors require higher tiersJitterscript training; PS engagement for complex builds
Professional servicesBundled into subscriptionAvailable separatelyEnterprise tier onlySeparate PS engagement typical (4–12 weeks)
BMC Remedy covered in pricing?YesNo — requires Enterprise + custom engagementNo — requires custom-built connectorYes — first-party

Decision Framework

The two qualified options serve different scopes. Neither is universally “better” — the right choice depends on integration scope, budget, and roadmap.

When BMC Helix iPaaS is the Stronger Fit

  • Integration roadmap extends beyond Jira ↔ Remedy. Future HR-to-AD provisioning, ERP-to-CMDB federation, Salesforce ↔ Helix case bridging, additional ITSM endpoints (ServiceNow, Azure DevOps), or API-led architecture for new services. The same platform investment covers more surface area, so multi-year TCO converges with or beats the narrow-scope ZigiOps purchase.
  • First-party BMC accountability is contractually required. Single contract, single support path, single roadmap owner. When a Helix upgrade breaks the Jira integration, BMC owns the fix; third-party ISVs have commercial incentives but no contractual obligation tied to BMC release cycles.
  • FedRAMP Moderate is required. BMC Helix carries FedRAMP Moderate ATO (since 2016-05-05); the iPaaS layer’s status inside that boundary should be confirmed at procurement. None of the alternatives are FedRAMP-listed.
  • Enterprise scale, named-TAM support, and multi-region residency are the bar (NA, EMEA, APAC).

When ZigiOps is the Stronger Fit

  • Scope is strictly Jira ↔ Remedy ticket sync with no plans to add other endpoints or extend to non-ITSM integration. ZigiOps delivers faster and at 3–10× lower cost; bundled implementation and per-pair pricing are advantageous here.
  • Budget is the binding constraint and the Jira ↔ Remedy ticket bridge is the only requirement.
  • Regulated Remedy estate requiring on-prem deployment with zero payload transit to an iPaaS vendor’s cloud. ZigiOps on-prem install fits the Jira ↔ Remedy use case, subject to confirming SaaS-vs-on-prem feature parity for the specific scope.

Existing Platform Investment

A factor independent of scope and regulatory regime: does the organization already operate one of these platforms for other workloads? Existing investment shifts the calculation in real ways:

  • If BMC Helix iPaaS is already in production for non-Jira integrations, the reuse argument is strong. Procurement, security review, and architecture-review hurdles are already cleared; the engineering skill base (Cloud Studio, Jitterscript) already exists in-house; the contract is already in place. Adding ZigiOps in parallel introduces a second vendor contract, a second support path, and a second runtime to operate — justified only if the Jira ↔ Remedy use case is materially better-served by ZigiOps and the cost gap covers the operational tax.
  • If ZigiOps is already in use for other ITSM-bridge patterns (e.g., Remedy ↔ ServiceNow, monitoring-tool to ITSM), introducing BMC iPaaS for one Jira ↔ Remedy lane fragments the integration estate. The symmetric reuse argument applies.
  • If neither is in production, this factor does not apply and the decision rests on scope, regulatory fit, and TCO as analyzed above.

This is a tilt factor, not a tiebreaker. Existing platform investment does not turn a poor scope-fit into a good one — it raises the threshold required to justify bringing in a second vendor for an adjacent integration.

On the Excluded Vendors

Exalate and Unito do not ship native BMC Remedy connectors and are excluded from the shortlist. Their full evaluations and the verification trail are in the vendor sections above.

Regulated-Enterprise Considerations

The fit between the two qualified options shifts depending on the regulatory regime. Summary matrix at a glance, expanded analysis by vertical follows:

Regulatory regimeStronger fitOne-line reason
Government / Federal (US: FedRAMP, FISMA, DoD IL, CJIS, CMMC)ConditionalBMC Helix carries FedRAMP Moderate ATO; Jitterbit Harmony is not FedRAMP-listed. Confirm iPaaS-layer boundary before committing
Financial services (US: SOX, FFIEC, OCC; EU: DORA; UK: FCA/PRA; APAC: MAS, HKMA, APRA)BMC iPaaSFull iPaaS scope, multi-region residency, current SOC 2 + ISO 27001; ZigiOps inadequate for global FI scope
Healthcare / life-sciences PHI (US: HIPAA, HITECH, HITRUST; EU: GDPR; state: NY SHIELD, CA CMIA)BMC iPaaSBAA available on eligible tiers; ZigiOps does not advertise BAA
Life sciences / pharmaceutical (FDA 21 CFR Part 11, EMA Annex 11, GxP)BMC iPaaSLong validated-deployment history; CSV documentation paths well-trodden
Strict data sovereignty / zero data transit / classifiedZigiOps on-premOn-prem keeps payloads inside customer perimeter; BMC’s Private Agents are outbound-only but metadata still transits to Jitterbit Harmony
Critical infrastructure / utilities (NERC CIP, TSA SD-2021-02, NIST CSF)ConditionalNeither vendor publishes NERC CIP attestations; on-prem ZigiOps may fit Low/Medium impact ratings; BMC iPaaS for broader operational scope

Government / Federal

Regulations in scope: FedRAMP (Low / Moderate / High); FISMA self-authorization at agency level; DoD Cloud Computing SRG impact levels (IL2 / IL4 / IL5 / IL6); CJIS Security Policy for criminal-justice data; ITAR / EAR for export-controlled technical data; NIST 800-171 + CMMC 2.0 for the Defense Industrial Base; StateRAMP for state-and-local agencies.

BMC iPaaS posture. BMC Helix carries FedRAMP Authorized at Moderate impact since 2016-05-05 (package F1510057481, Rev5; 4 authorizations / 3 reuses). Jitterbit Harmony itself is not on the FedRAMP marketplace. The unresolved question — whether the iPaaS layer falls inside BMC Helix’s authorization boundary or is treated as a separate boundary requiring its own ATO — is genuinely load-bearing for federal procurement and must be resolved with BMC contractually. Neither BMC nor Jitterbit publishes a DoD IL4 / IL5 / IL6 SRG-aligned offering at this writing, so for DoD workloads above IL2, the vendor combination needs explicit coverage validation. CMMC Level 3 readiness is a customer-side determination on top of the underlying provider posture.

ZigiOps posture. No FedRAMP listing. On-prem deployment can be acceptable inside an agency-operated FISMA boundary where the customer holds the ATO; for FedRAMP-Authorized cloud-service-provider requirements, ZigiOps does not qualify.

Procurement caveats. Confirm the iPaaS-layer FedRAMP boundary in writing; obtain Jitterbit’s CSO / FedRAMP package authorization scope before signing. For ITAR / EAR scope, confirm vendor personnel are US persons and infrastructure is US-resident. CJIS authentication requirements (advanced authentication, transitive audit) should be mapped against the vendor’s IAM posture.

Bottom line. BMC iPaaS is conditionally fit if the iPaaS layer is covered by BMC’s FedRAMP boundary; ZigiOps fits agency-level FISMA self-authorization scenarios where on-prem deployment under the agency’s own ATO is acceptable.

Financial Services

Regulations in scope: US — SOX, GLBA, FFIEC, OCC, NYDFS 23 NYCRR 500, SEC, FINRA. EU — GDPR, DORA (Digital Operational Resilience Act, applicable from January 2025), PSD2 / PSD3, MiFID II. UK — FCA / PRA operational resilience (SS1/21, SS2/21). APAC — MAS Technology Risk Management (Singapore), HKMA SA-2 (Hong Kong), APRA CPS 230 (Australia), JFSA (Japan), RBI IT Framework (India). Cross-border — Basel III/IV operational risk, FATF, OFAC sanctions, data localization (China PIPL/CSL, India DPDPA).

BMC iPaaS posture. Multi-region tenancy (NA / EMEA / APAC) supports Schrems II EU-data-stays-in-EU posture and APAC residency requirements. SOC 2 Type II and ISO 27001 are baseline financial-services audit attestations and both are current. Full iPaaS coverage is necessary for the integration scope a global financial institution actually runs (treasury, regulatory reporting under BCBS 239 / MiFID II / AnaCredit, AML/KYC, payments, market-data feeds, customer data platforms, ERP, ITSM) — a point-to-point sync tool cannot do this. API Manager benefits PSD2 / FAPI / Open Banking compliance. CMDB federation as a first-class object supports SOX ITGCs, BCBS 239 risk-data-aggregation, and DORA ICT asset registers. BMC’s financial-services track record is well established with regulators.

ZigiOps posture. Inadequate scope for a strategic global-FI integration platform. ISO 27001 references the superseded 2013 revision (transition deadline 2025-10-31 has passed without public re-certification) — material audit finding. No advertised SOC 2 Type II. Vendor scale (Sofia-based, ~30 employees) introduces friction in financial-services vendor-risk onboarding. ZigiOps may have tactical utility for narrow Remedy↔ServiceNow ticket sync at non-critical workload tiers.

Procurement caveats specific to multinational FIs. DORA Articles 28–29 require Jitterbit to be declared as a critical ICT subcontractor with transitive audit rights. Jitterbit’s PE ownership (KKR + Audax with Crestline debt), 2024 CEO change, 2025 CRO change, and AI strategy pivot are material under DORA “expected service continuity” assessment. DORA threat-led penetration testing (TLPT) every three years against the iPaaS surface — confirm BMC / Jitterbit accept TIBER-EU. Schrems II requires BYOK or equivalent cryptographic separation; confirm BYOK availability on the intended Jitterbit tier. National data-localization (China PIPL / CSL, India DPDPA) requires verifying in-country region availability before committing to a workload class. PCI DSS Level 1 SAQ-D scope is not publicly advertised by either vendor — confirm if cards flow through any integration. Concentration-risk reporting (FFIEC, OCC Bulletin 2023-17, EBA Outsourcing Guidelines) must reflect the BMC ↔ Jitterbit substrate dependency. Right-to-exit and exit-plan testing under DORA / FCA SS2/21 / APRA CPS 230 — exit from BMC iPaaS is non-trivial because Jitterscript-authored content is platform-locked. Resilience tolerances: Jitterbit’s 99.9% Standard SLA may not meet a Tier-1 FI’s resilience requirement (often 99.95%+ with 4-hour RTO for critical services).

Bottom line. BMC iPaaS is the strategic platform. ZigiOps has niche tactical utility at non-critical tiers. The procurement lift (DORA register, transitive audit rights, exit-plan testing) is the heavy work — not the vendor-fit decision itself.

Healthcare / Life-Sciences PHI

Regulations in scope: US — HIPAA / HITECH (Privacy, Security, Breach Notification rules), 42 CFR Part 2 (substance use), HITRUST CSF (de-facto attestation framework). EU — GDPR Article 9 (special category data) for healthcare. State-level — NY SHIELD Act, CA Confidentiality of Medical Information Act, IL Biometric Information Privacy Act if biometric identifiers are involved. Cross-border — EU EHDS (European Health Data Space, applicable from 2025).

BMC iPaaS posture. Business Associate Agreement (BAA) is available on eligible tiers per Jitterbit’s published trust posture. SOC 2 Type II + ISO 27001 are baseline for HITRUST CSF readiness; HITRUST validated assessment is a customer-side activity on top of the underlying provider posture. Multi-region residency supports EU healthcare data residency. The full-iPaaS surface supports the broader healthcare integration scope — EHR ↔ ServiceNow, lab-results feeds, claims systems, provider-credentialing platforms — not just ITSM ticket sync.

ZigiOps posture. No advertised BAA; this is generally a non-starter for any workload that touches PHI in scope of HIPAA’s BAA requirement. On-prem deployment helps with PHI residency but does not substitute for a BAA. Limited public HITRUST track record.

Procurement caveats. Confirm BAA tier eligibility and any subprocessor BAA chain (BMC ↔ Jitterbit; downstream processors). HITRUST CSF inheritance scope: which controls inherit from the provider attestation versus which require customer implementation. EU EHDS data-altruism provisions and secondary-use restrictions if cross-border health-data flows are in scope. State-attorney-general breach-notification timing.

Bottom line. BMC iPaaS for any workload touching PHI under HIPAA’s BAA requirement; ZigiOps is generally not a fit unless the workload is explicitly out of HIPAA scope.

Life Sciences / Pharmaceutical (GxP)

Regulations in scope: FDA 21 CFR Part 11 (electronic records and signatures); EMA Annex 11 (computerized systems in GMP); GxP umbrella — GMP (Good Manufacturing), GLP (Good Laboratory), GCP (Good Clinical), GDP (Good Distribution); ICH E6(R3) for clinical trial data integrity; HIPAA where clinical-trial data overlaps US PHI; PMDA (Japan) and NMPA (China) for international regulatory submissions.

BMC iPaaS posture. BMC has a long deployed-validated track record in pharmaceutical environments; BMC PS / partner ecosystem includes practitioners experienced with Computer System Validation (CSV) lifecycles for BMC products. SOC 2 Type II + ISO 27001 attestations support the audit-trail requirements common to Part 11 / Annex 11. Cloud-Studio change management is auditable; Jitterscript-authored content can be source-controlled.

ZigiOps posture. Limited public GxP / Part 11 track record. Smaller vendor scale increases the validation lifecycle effort the customer must own. No specific Part 11 / Annex 11 collateral surfaces from public sources.

Procurement caveats. Validation lifecycle (URS / FS / DS / IQ / OQ / PQ) cost and timeline are typically the largest line item — confirm vendor cooperation on validation deliverables. Electronic-signature controls under Part 11 §11.50 / §11.70: which side of the boundary owns the signed-record persistence. Audit-trail tamper-evidence and retention timeline (often 25+ years for clinical and manufacturing records). Change-management control evidence for SOX-equivalent audit at the IT-general-controls layer.

Bottom line. BMC iPaaS for any GxP-validated integration scope; ZigiOps is unproven and would require a meaningfully heavier customer-led validation effort.

Pre-Purchase Validation Checklist

For BMC Helix iPaaS

  1. Obtain a formal BMC quote against the specific Jira ↔ Remedy scope (Jira deployment type, environments, message volume, JSM vs Software).
  2. Confirm Helix ITSM ↔ Jira OOTB template scope — which Jira issue types, fields, work-notes, attachments, custom fields, JSM-specific objects (request types, approvals) are covered out-of-the-box vs. require Cloud Studio customization.
  3. Confirm Jira deployment-type support — Jira Cloud, Jira Server (EOL Feb 2024 — relevance only if customer is mid-migration), Jira Data Center 9.x / 10.x. Confirm Jira API token / OAuth 2.0 / personal access token authentication paths.
  4. Confirm current Gartner MQ placement for Jitterbit (Visionary as of 2026; verify next cycle).
  5. Confirm whether the iPaaS layer is inside BMC Helix’s FedRAMP Moderate boundary if any federal workload is in scope.
  6. Confirm customer-managed key (BYOK) availability on the intended tier.
  7. Request a reference customer running Helix ↔ Jira at similar scale and Jira deployment type.
  8. Pull 10–20 recent Gartner Peer Insights reviews of Jitterbit Harmony and summarize top praise and top complaints into procurement.

For ZigiOps

  1. Atlassian Marketplace BMC Remedy listing maintenance commitment — the current listing (app 1221587) has not been updated since 2022-08-02, has no Marketplace Partner badge (not Cloud Fortified, no Bronze/Silver/Gold tier), and caps Jira Server support at 8.5.5. Confirm in writing the maintenance plan, current Jira DC 9.x / 10.x support status, and Jira Cloud support status.
  2. Explicit Remedy ITSM version support matrix — AR System 9.x / 18.x / 19.x / 20.x / 21.x / 22.x / 23.x, Helix ITSM 20.x+.
  3. Explicit Jira version / deployment matrix — Jira Cloud, Jira Data Center 9.x / 10.x, JSM Cloud, JSM Data Center, JSM request types and approvals.
  4. Custom-form / custom-AR-workflow support depth beyond Incident/Change masters; mapping behavior for Jira custom fields, sub-tasks, and JSM Service Management-specific schema.
  5. Loop-prevention and conflict-resolution behavior for bi-directional sync — correlation-field strategy, last-write-wins vs. merge semantics, idempotency on retry.
  6. Formal BMC partnership tier confirmation in writing.
  7. SOC 2 Type II report availability under NDA.
  8. HIPAA BAA willingness if PHI is in scope.
  9. SaaS data residency options (US vs EU region pinning).
  10. Published uptime SLA for both SaaS and on-prem HA claim.
  11. Throughput benchmarks for Jira ↔ Remedy at the relevant ticket volumes.
  12. Horizontal scale-out architecture for the on-prem edition — or confirmation that it is vertical-only.
  13. Per-pair list price, multi-pair discount schedule, renewal uplift cap.
  14. CMDB reconciliation depth against BMC Atrium (CDM classes, normalization, federation tokens).
  15. Published support SLAs (P1/P2/P3 response and resolution targets); follow-the-sun coverage map.
  16. ISO 27001:2022 transition status (the public security page references the superseded 2013 revision).

Appendix: Items We Could Not Verify

None of these are disqualifying; they are open questions that should be closed in procurement.

ZigiOps: formal BMC partnership tier; SOC 2 Type II report; HIPAA BAA; SaaS data residency; uptime SLA; horizontal scale-out; 24/7 follow-the-sun coverage; Remedy/Helix version matrix; published per-pair pricing; custom-form depth beyond Incident/Change; CMDB reconciliation depth; whether the ISO 27001:2013 certification has been refreshed to the 2022 revision (transition deadline 2025-10-31 has passed); engineering-vs-total-headcount split (LinkedIn shows 28–31 total employees, so “30+ engineers” is implausible without counting all functions); EIK and Bulgarian Commercial Register day-of-registration.

Exalate: current headcount (LinkedIn band: 51-200; product team estimated 50-80 post-2023 split); SOC 2 Type II; HIPAA/PCI posture; SAML/OIDC for Exalate admin console; Cloud cluster regions; throughput SLA; bulk portability tooling; any partner specializing in BMC Remedy.

Unito: ISO 27001 status; HIPAA status; annual-discount percentages; per-tier items-in-sync caps (visible only in-app); Enterprise SLA terms; PS rate card for custom connectors; total customer count; Quebec NEQ cross-reference.

BMC Helix iPaaS: GA launch month; current pricing (directional only); whether the iPaaS layer is inside the BMC Helix FedRAMP Moderate authorization boundary or requires a separate ATO; BYOK availability by tier; throughput/TPS benchmarks; whether the Helix Discovery↔CMDB and Helix↔Teams/Slack templates exist as documented OOTB content (absent from BMC’s current OOTB-templates docs page).

Sources

ZigiOps

Exalate

Unito

BMC Helix iPaaS (Jitterbit)

Cross-Vendor

End of document.