“IT-GRAD” HAS CERTIFIED ITS CLOUD COMPLIANT WITH PCI DSS STANDARD
At year-end of 2015 “IT-GRAD” group of companies successfully passed the audit for compliance with PCI DSS requirements having certified not only the physical hosting, like most service providers do today, but also its virtual infrastructure and management processes. “IT-GRAD” has become one of Russia's first service providers with managed PCI DSS services, or MSP-provider (PCI DSS Managed Service Provider). This certification enables us to provide in accordance with the standard requirements not only the physical hosting and equipment rental services, but also the virtual infrastructure rental in IaaS model and also infrastructure administration and management.
As part of the obtained MSP status “IT-GRAD” provides cloud in IaaS model, certified according to PCI DSS, ensuring safe payment cards handling for organizations which have placed their infrastructure at the side of the cloud provider where cardholder’s data are stored, processed, or transmitted. “IT-GRAD” takes responsibility to fulfill the mandatory requirements of the standard from the physical protection of the hosted servers up to operating systems administration and also provides compliance with safety requirements ensuring the cloud infrastructure protection and continuous monitoring of its safety.
“Migration of critically important systems beyond the internal infrastructure of the company is associated with a high level of confidence. In this situation, the client must be confident in the reliability of the chosen provider and in that confidential information processing occurs securely and that security violation threats are minimized. We have implemented a complete set of security mechanisms to reliably monitor and protect client systems in “IT-GRAD”. We follow and meet requirements of federal legislation in the field of information security, mandatory industrial standards and practices of regular independent audits. Due to internal regulations and practices of the company, “IT-GRAD” is focused on protection of its customers’ data. In order to gain trust and to provide systems and cardholders’ data protection we have been certified for compliance with PCI DSS v.3.1 Standard,” - comments Dmitry Tretyakov, Information Security Manager of “IT-GRAD”.
“Provided managed services in the context of the cloud in IaaS model certified according to PCI DSS are very relevant for the Russian market. Peculiarity of such services is not only in providing equipment for rent by the supplier but also virtual infrastructure rent as well as the ability of its administration in accordance with PCI DSS requirements. This service is particularly useful for small trade and service enterprises and for service providers which do not have their own IT and IS departments. Contacting a certified supplier, such as “IT-GRAD”, helps companies to simplify the certification process according to PCI DSS Standard and to protect cardholders’ data at a high level”, - marks Petr Shapovalov, Information Security Engineer of LLC “Deuterium”, PCI QSA.
Using the cloud in IaaS model certified according to PCI DSS, organizations will be able to significantly improve the level of card data environment security reducing the risk of financial loss from all kinds of incidents in the field of information security. Within the passed by “IT-GRAD” audit for compliance with PCI DSS Standard requirements, the service on using the certified cloud in IaaS model will help companies to take advantage of outsourcing in the field of compliance with the standard requirements more fully, focusing on the development of their business.