NEWS: Custodian becomes PCI DSS validated
We are pleased to announce that Custodian’s Kent data centre has been PCI DSS validated. Following a successful QSA assessment, Custodian is fully compliant with the PCI DSS physical security requirements (requirements 9 and 12).
The purpose of the PCI DSS is to ensure the security of card data. This is achieved through a set of requirements established by the Security Standards Council. These include a number of commonly known best practices, such as installation of firewalls, encryption of data transmissions and use of anti-virus software.
What’s in Custodian’s scope?
As a colocation provider, we do not have control over the systems run by our customers. What we can ensure, however, is the security of our facilities. The PCI DSS framework is made up of 12 key requirements and many sub-requirements, to which organisations that process, store or transmit cardholder data must adhere.
Custodian meets the following security requirements:
Requirement 9: Restrict physical access to cardholder data. We successfully demonstrated the required implementation of strong access control measures.
Requirement 12: Maintain a policy that addresses information security for all personnel. We successfully demonstrated the use and scope of our ISO27001 Information Security Policy and internal security processes.
What does this mean for Custodian customers?
Our customers can have peace of mind that, when taking colocation services with us, their systems will be housed in a facility where robust physical security measures are in place. It will also make the compliance process easier for customers, present and future, who are required to obtain full PCI DSS certification. Using our Data Centre ensures compliance with two of the 12 requirements, freeing up valuable time and resource to focus on the rest.
“It is great to have our data centre’s physical security measures validated. The PCI DSS framework enables us to demonstrate to our customers that we take the security access to their systems seriously. The standard provides a framework for security best practices and we think this is important for all of our customers, not just those processing cardholder data. It really is about security best practices for all data.”
Sam Clarke, Head of Compliance, Custodian Data Centres.
For further information on the PCI DSS framework visit the PCI SSC website.
Custodian provide a number of security services, such as Penetration Testing and Vulnerability Scanning, which can help you achieve and demonstrate a Vulnerability Management Program (also a requirement of the PCI DSS certification framework).
For further information visit our Security Services here.