What is the PCI-DSS Standard?
The PCI-DSS stands for “Payment Card Industry Data Security Standard.” It corresponds to a set of controls, which ensures compliance with security requirements for credit card payment systems. This standard is binding for all companies, entities, and organizations, which process credit cardholder data.
The requirements concern the network and operation of the data processing environment, e.g., within a data center. They cover 12 areas:
- Password protection
- Protection of stored cardholder data
- Data encryption
- Antivirus Software
- Secure development and maintenance of systems and applications
- Restricted access according to need-to-know principle
- Personalized access
- Restricted physical access
- Track and monitor access to network
- Regularly test security systems and processes
- Maintain an information security policy
How do I benefit from a PCI-DSS-certified Data Center?
Companies and Organizations that electronically process cardholder data (CHD) on a cardholder environment (CDE) are required to secure the environment according to the PCI standard against data abuse and unauthorized access on an ongoing basis. Also, the standard requires a precise definition of roles and responsibilities for all persons working on the CDE. All access and all operational actions need to be tracked and monitored. A vital part of the operation of such an environment, is physical security and all related processes, to comply with those requirements within a data center operation. Traceability of physical access to the environment is controlled by using professional access control mechanisms and processes. A seamless video surveillance around the clock and the logging of all persons entering the data center footprint are matched continuously to ensure data consistency.
As a co-location customer in our data center, you benefit from a QSA (qualified security assessor) - audited PCI certified service offering, which reaches all the way to your rack cabinet. You can focus on compliance of your infrastructure operated within that rack, without having to worry about the physical security aspects of the data center. It covers substantial parts of the PCI requirements 9 and 12, as well as 11.1 about wireless access points, attested through our certification. You can build your PCI compliance on our PCI certification, thereby not having to worry about all controls certified in our accreditation. E-Commerce and content providers, a broad range of entities and organizations that accept online credit card payments or donations, can implement a CDE within a PCI certified data center environment in their separately locked 19" rack (21 or 42 units). Please contact us, if you need our attestation of compliance (AOC), or if you have any other question about the PCI-DSS certification.