THE PCI COMPLIANT CLOUD
With Logicworks' cloud services, many components of our customers’ IT architectures are largely covered by our existing policies, network configuration, documentation, and technology. This allows your company to meet complex PCI criteria effortlessly, as our services include: installation and maintenance of firewalls; prohibition of vendor-supplied defaults for security parameters; regular use of up-to-date anti-virus software; system security hardening; user login constraints; physical security; tracking and monitoring of network access; regular security testing; and security policy maintenance.
PCI compliance is non-transferable, but Logicworks provides solutions for coverage of the key parts of the specification, which revolve around the secure handling of credit card data in online systems. By leveraging our security infrastructure, processes, and policies, Logicworks can help you easily achieve compliance with current PCI-DSS specifications.
PCI COMPLIANCY OVERVIEW
The Payment Card Industry Security Standards Council (PCI SSC) formed a worldwide security standard known as PCI DSS (Payment Card Industry Data Security Standard). The PCI security standards are technical and operational requirements created to help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities. The standards apply to all organizations that store, process or transmit cardholder data with guidance for software developers and manufacturers of applications and devices used in those transactions. Therefore, any company processing, storing, or transmitting cardholder data must comply with PCI DSS standards.
There are three main considerations. First, you need to choose a PCI compliant hosting provider. Most top-tier vendors fall under this category, but you should always ask. Second, you need to sign up with an Approved PCI Scanning Vendor (ASV). Your scanning vendor will review the code on your site and detect vulnerabilities. Third, you need to build an infrastructure that complies with PCI recommendations. Each of these services is included with Logicworks’ PCI compliance suite. Specifically, you need a properly configured firewall, an Intrusion Detection System (IDS), and, if your site is accessible to the public, you need to isolate the credit card data from the public data via a De-Militarized Zone (DMZ). At Logicworks, we achieve these goals by using Cisco Adaptive Security Appliances (ASA) for Linux-based systems and Microsoft Internet Security and Acceleration (ISA) for Windows systems.
Logicworks’ PCI compliant solutions meet the following criteria:
- Build and maintain secure client and administrative networks
- Protect cardholder data
- Develop and maintain a vulnerability management program, tested quarterly
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
- Annual compliance audits
- Quarterly security reviews
Logicworks’ solutions enable clients to achieve other standards of PCI Compliance such as protection of cardholder data, encryption of transmitted cardholder data, and access restriction policies.