PCI DSS Standard
What is the PCI DSS Standard?
The Payment Card Industry Data Security Standard (PCI DSS) represents the requirements all companies, entities, and organizations adhere to for processing credit card holder data. As such, they are required to follow the specific security measures necessary for credit card payment systems.
These specific security measures concern the network and operation of the data processing environment, such as a data center, and they cover 12 distinct areas of security:
- password protection
- protection of stored cardholder data
- data encryption
- antivirus software
- secure development and maintenance of systems and applications
- restricted access according to need-to-know principles
- personalized access
- restricted physical access
- tracked and monitored access to the network
- regularly test security systems and processes
- maintaining an information security policy
How do I benefit from a PCI-DSS-certified Data Center?
Being a customer in our Data Center means that you benefit from a QSA (qualified security assessor) – audited PCI certified service offering. This is important because companies and organizations that electronically process cardholder data (CHD) on a cardholder data environment (CDE) are required to secure the environment according to the PCI standard against data abuse and unauthorized access on an ongoing basis.
The service being offered reaches all the way to your rack cabinet. You can focus on compliance of your infrastructure operated within that rack, without having to worry about the physical security aspects of the data center covering substantial parts of the PCI requirements, attested through our certification. You can build your PCI compliance on our PCI certification, thereby not having to worry about all controls certified in our accreditation. E-Commerce and content providers, a broad range of entities and organizations that accept online credit card payments or donations, can implement a CDE within a PCI certified data center environment in their separately locked racks.
The PCI-DSS standard requires a precise definition of roles and responsibilities for all persons working on the CDE. All access and all operational actions need to be tracked and monitored. As an example, a vital part of the operation of such an environment is physical security and all related processes – all of which must comply with the standardized requirements within a data center operation. This means traceability of physical access to the environment is controlled by using professional access control mechanisms and processes. A seamless video surveillance around the clock and the logging of all persons entering the data center footprint are matched continuously to ensure data consistency.
We provide the support you need, such as our Attestation of Compliance (AOC), to ensure that all requirements are being met and every aspect of PCI-DSS certification is understood and implemented by you as our customer.
Please contact us to sign up for these services or if you have any questions about PCI-DSS certification.