Become Fully PCI DSS Compliant

Tel: +44 (0) 800 781 6061
Email: sales@extramsp.com

The Payment Card Industry Data Security Standard (PCI DSS) is a framework designed to help develop a sound process for payment card data security. It includes information to prevent, detect and take appropriate action in the even of security incidents relating to payment card data.

PCI DSS High Level Overview

The table below shows the key 12 areas required for full PCI DSS compliance.

Extraordinary has experience in guiding clients through the process of building cloud services that meet these requirements.

	PCI Control	Extraordinary Service
Build and Maintain a Secure Network	1. Install and maintain a firewall configuration to protect cardholder data	Managed Firewall
	2. Do not use vendor-supplied defaults for system passwords and other security parameters	Vulnerability Scanning
Protect Cardholder Data	3. Protect stored cardholder data	Customer Responsibility
	4. Encrypt transmission of cardholder data across open, public networks	SSL Certificates
Maintain a Vulnerability Management Program	5. Use and regularly update anti-virus software or programs	Anti-virus
	6. Develop and maintain secure systems and applications	Customer Responsibility
Implement Strong Access Control Measures	7. Restrict access to cardholder data by business need to know	Directory Services e.g. Active Directory
	8. Assign a unique ID to each person with computer access	Two factor authentication
	9. Restrict physical access to cardholder data	Data centre security meets these requirements
Regularly Monitor & Test Networks	10. Track and monitor all access to network resources and cardholder data	Splunk Log Management
	11. Regularly test security systems and processes	Some aspects can be covered by vulnerability scanning
Maintain an Information Security Policy	12. Maintain a policy that addresses information security for all personnel	Customer Responsibility