Most organisations working through their PCI DSS project have elements of their business systems hosted by a third party (hosting provider) and are therefore required to have an independent datacentre inspection as part of the assessment process. In addition, if a hosting provider is providing managed services to their customers' transaction environment, they will be required to have their managed services validated as PCI DSS Compliant.
Hosting providers are defined as either:
- Un-Managed Hosting Provider - providing hosting facilities only for their customers. The following PCI DSS Requirements apply to Un-Managed Hosting Providers:
  - Requirement 9 - Restrict Physical Access to Cardholder Data.
  - Requirement 12 - Maintain a policy that addresses information security for employees and contractors.
- Managed Hosting Provider - providing managed services to their customers and/or hosting facilities. Managed Hosting Providers are required to be compliant for all aspects of the PCI DSS that apply to their respective managed services.
Foregenix offers a hosting provider PCI approval service, providing approval for both managed and un-managed hosting providers, which is recognised by the card schemes and contributes to the compliance of any hosted clients. The Foregenix compliance services for Hosting Providers comprise straightforward, cost-effective solutions for achieving compliance with PCI DSS; these include the following services:
- Pre-Compliance/Gap Analysis - an onsite review and gap analysis provides a structured framework that facilitates straightforward compliance.
- Penetration Testing - a customised penetration test service provides a comprehensive analysis of a network's security and level of protection against compromise, both internally and externally.
- Consultancy - assistance with information security policies and procedures; secure network architecture design; gap analysis; supply, configuration, and on-site implementation of proprietary or third-party security devices.
- Compliance Assessment Service - onsite review of all of the requirements and submission of the Report On Compliance to the card schemes.
If you have a security issue or requirement, please get in touch with us for assistance on:
+44 (0) 845 3096232 or email@example.com.