Compliance Solutions: PCI Managed Hosting
The Payment Card Industry Security Standards Council (PCI SSC) formed a worldwide security standard known as PCI DSS (Payment Card Industry Data Security Standard). The PCI security standards are technical and operational requirements created to help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities. The standards apply to all organizations that store, process or transmit cardholder data with guidance for software developers and manufacturers of applications and devices used in those transactions. Therefore, any company processing, storing, or transmitting cardholder data must be PCI DSS compliant.
There are three main considerations. First, you need to choose a PCI-compliant hosting provider. Logicworks and most top-tier vendors fall under this category, but you should always ask. Second, you need to sign up with an Approved PCI Scanning Vendor (ASV). Your scanning vendor will review the code on your site and detect vulnerabilities. Logicworks partners with Alert Logic to provide ASV services, but there are a number of other qualified companies as well. Third, you need to build an infrastructure that complies with PCI recommendations. Specifically, you need a properly configured firewall and an Intrusion Detection System (IDS), and if your site is accessible to the public, you need to isolate the credit card data from the public data via a De-Militarized Zone (DMZ). At Logicworks we achieve these goals by using Cisco Adaptive Security Appliances (ASA) for Linux-based systems and Microsoft Internet Security and Acceleration (ISA) for Windows systems.
For complete information on PCI compliance, a list of all the ASVs, and a copy of the PCI Self-Assessment Questionnaire, visit www.pcisecuritystandards.org. For further information on a PCI-compliant hosted infrastructure at Logicworks, speak with one of our sales representatives.
PCI 1.2 Compliance
As of October 1, 2008, the Payment Card Industry Data Security Standard (DSS) v1.2 replaced DSS v1.1. For an overview of the differences between the two versions, please read "PCI DSS, QSA Validation Requirements" on the PCI Security Standards Council site (April 2008).
With Logicworks' Managed Services, many components of your architecture are largely covered by our existing policies, network configuration, documentation, and technology. This allows your company to meet complex PCI criteria effortlessly, as our services include: the installation and maintenance of firewalls; prohibition of vendor-supplied defaults for security parameters; regular use of up-to-date anti-virus software; system security hardening; user login constraints; physical security; tracking and monitoring of network access; regular security testing; and security policy maintenance.
PCI compliance is non-transferable, but Logicworks provides solutions that cover the key parts of the specification, which revolve around the secure handling of credit card data in online systems. By leveraging our security infrastructure, processes, and policies, Logicworks can help you easily achieve compliance with the PCI-DSS 1.2 specification.
Logicworks can also provide guidance and resources to succeed in other areas of PCI compliance, such as protection of cardholder data, encryption of transmitted cardholder data, and access restriction policies.






