Passing PCI DSS certification

Reduce the time and cost of passing PCI DSS certification. When hosting your IT infrastructure in the GigaCloud cloud, you will get a free audit, and our partner, IT-Specialist, will perform a prompt, high-quality and convenient certification for your business with a 10% discount.

IT-Specialist is a Ukrainian integrator that provides a full range of services for PCI DSS certification. With GigaCloud and IT-Specialist, your customers' payment data will be securely protected.

Who needs a PCI DSS certificate?

The requirements of the certificate apply to:

  1. banks (PCI DSS standard is applicable to all Ukrainian banks);
  2. trading companies;
  3. retail stores;
  4. call centres;
  5. payment gateways and other companies and organisations whose activities are related to the processing, transfer and storage of data about the owners of payment cards.

As required by the Payment Card Industry Security Standards Board, your company must be PCI DSS compliant if it stores, processes or transmits at least one card transaction or any payment cardholder information during the year.

Advantages of PCI DSS certification with GigaCloud and IT-Specialist

Assistance in passing PCI DSS certification

You have the opportunity to order a turnkey certification of your IT infrastructure. GigaCloud and IT-Specialist will carry out certification in the shortest possible time.

Free IT infrastructure audit

You can get a free audit of your cloud IT infrastructure. Our experts will calculate the necessary amount of technical resources and help you form requirements for cloud infrastructure.

Reliability and fault tolerance

The GigaCloud cloud infrastructure is hosted in two PCI DSS certified, TIER III data centres. This allows us to build fully redundant IT landscapes of any complexity.

Compliance with the requirements of international payment systems

You will be able to easily accept payments from your customers through the VISA and MasterCard payment systems without worrying about their security.

Reducing risks from possible information leakage

Your customers’ payment data are protected on three levels: physical, virtual and software, which increases the overall level of information security in the company.

Reputation and good name in the market

With a PCI DSS certificate and security of data processing, transmission and storage at all levels, your customers will be confident in your reliability.

Certification levels

Three “infrastructural” levels of the company are subject to audit:

  1. physical (physical equipment storage security);
  2. virtual (virtual infrastructure security);
  3. software (payment application security).

As a PCI DSS certified cloud operator, GigaCloud guarantees the security of its virtual infrastructure. We place our equipment in two PCI DSS certified data centres, GigaCenter and BeMobile.

This means that GigaCloud customers do not need to undergo two levels of audit — virtual and physical. This significantly reduces the certification time. IT-Specialist will help you pass the software audit.

Stages of PCI DSS certification

Stage 1. Preparation for PCI DSS certification audit. It includes the following steps:

  • Conducting a preliminary audit.
  • Conducting an external scan of network vulnerabilities (ASV).

As a result of the preliminary audit, you will receive:

  • Expert opinion with recommendations for eliminating non-conformities with the PCI DSS standard.
  • Report on the results of the audit and recommendations (requirements) for preparation for a certification audit for compliance with the PCI DSS standard.

External scanning includes the following:

  • Defining and negotiating external IP addresses for ASV network scanning.
  • Setting up an automated tool (scanner).
  • ASV scans the network for vulnerabilities.
  • Analysis of ASV scan reports.
  • Providing reports based on the results of ASV network scans.

Stage 2. PCI DSS compliance certification audit. It includes the following steps:

  • Collection and analysis of organisational and regulatory documentation, information about system components of the customer’s Cardholder Data Environment (CDE).
  • Analysis of processes related to the protection and maintenance of system components in CDE.
  • Audit of the compliance of the customer’s CDE system components with the requirements of the PCI DSS standard.
  • Analysis of reports on the evaluation of the security of the external and internal perimeter of the customer’s CDE network.
  • Development of reporting documents for acquiring banks and international payment systems: the Report on Compliance (RoC) and the Attestation of Compliance (AoC).
  • Issuing a certificate of compliance with the PCI DSS standard (in case of full compliance with the standard).

The PCI DSS certificate is valid for 12 months. Two months before its expiration, you need to contact IT-Specialist to renew the certificate for the next year. For repeat requests, the procedure is simplified, and the cost is reduced.

Additional services

Penetration test

Penetration testing of the IT infrastructure is conducted by GigaSafe, a cyber security agency, which is part of the GIGAGROUP Group together with the cloud operator GigaCloud.

Penetration testing prevents economic and reputational losses by checking and building effective information protection for the company. The testing includes a check for vulnerabilities that may have arisen as a result of the improper configuration of systems or due to software shortcomings.

A pentest gives a clear assessment of how well the IT system resists attacks. It is performed both for IT infrastructure and for various business applications.

If you move to GigaCloud, the first pentest is free. It should be done quarterly.

External scanning for vulnerabilities

External scanning for vulnerabilities is conducted by GigaSafe experts.

According to the PCI DSS standard, you need to conduct a quarterly external scan for network vulnerabilities. The purpose of ASV scans is to identify errors in the architecture and configuration of systems that can be used to gain access to the customer’s systems, servers or internal network. In addition to formal compliance with the PCI DSS standard, an external scan of network vulnerabilities allows for assessing the security of the external perimeter of the customer’s network.

Backup as a Service

Backup as a Service is a data backup service in cloud storage. BaaS is the most reliable way to protect your data from loss in case of hardware or software failure, human error or a hacker attack. The E-Cloud backup service is built using Veeam solutions.

Veeam is the world’s leading developer of data backup solutions. Use Veeam Backup and Replication to configure a copy plan, selectively restore data and automatically make the required number of backup copies of the required type.

E-Cloud will allow you to do the following:

  • Cloud infrastructure backup
  • Creating backups from the client’s cloud
  • Creation of backup copies of physical servers and individual computers

Learn more: https://gigacloud.ua/en/offer/baas

Disaster Recovery as a Service

Disaster Recovery as a Service is a backup virtual data centre into which the client's IT infrastructure is replicated, along with all the applications deployed in it. In case of a disaster in the main infrastructure, or even during its maintenance, you can switch to the backup infrastructure in a few minutes, ensuring uninterrupted operation. At the same time, maintaining inactive backup infrastructure costs only a few percent of the cost of the main infrastructure.

Learn more: https://gigacloud.ua/en/offer/draas
