As head of Operations at Instart Logic, I am excited to announce that our company has achieved a major milestone in the maturity of our service offering: full compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS Level 1 is the highest level of compliance. We have successfully implemented a wide range of information security, business process and physical security requirements, and also passed a very detailed on-site audit performed by a third-party company.
For readers who are not familiar with the PCI standard, it was created by the Payment Card Industry Security Standards Council to increase controls around cardholder data in order to reduce the risk of credit card fraud. The standard covers 12 main requirements, which unfold into more than 200 sub-requirements, and the audit process includes more than 700 checkpoints.
The PCI standard revolves around protecting cardholder data at rest, during processing, and in transit. Instart Logic does not process or store any cardholder data of our customers, but we do transmit their cardholder data using encrypted SSL connections as a part of our application delivery service. Instart Logic is known as a very successful web and cloud application delivery provider for numerous e-commerce companies (like Dollar Shave Club or wine.com) that accept credit card payments via their websites and are required to be PCI-compliant. Since Instart Logic’s PCI customers are required to maintain compliance along the entire path from end users to our customers’ origin servers, Instart Logic is also required to manage PCI-compliant infrastructure to transmit the data.
A far-reaching security standard
PCI DSS covers a wide range of aspects of a modern information system, such as network security (firewalls, network partitioning), configuration standards for all service components (servers, routers, firewalls), protection of data integrity, the strength of SSL protection for transmitted data, timely patching of discovered software security issues, and many others.
PCI DSS Level 1 certification requires that a third-party Qualified Security Assessor (QSA) performs a full audit of the company. It takes months to prepare, and the on-site audit by a contracted QSA runs several weeks. Some of you reading this are responsible for PCI compliance, and you are looking for the next sentence as confirmation, so: Yes! Instart Logic has received the final Attestation of Compliance (AoC) document proving that the company met all 12 requirements of PCI DSS.
Achieving PCI DSS certification is not easy, and it requires putting in place numerous controls and processes. Only a mature, well-organized, highly secure, and service-oriented company can achieve the highest level of PCI DSS security less than a year after launching its public service, as Instart Logic has done.
Obviously, our prospects and customers who run PCI-compliant websites and use our application delivery service to provide faster services to their users will appreciate our new compliance status, for both peace of mind and support of their own PCI compliance status. Under industry-standard non-disclosure, Instart Logic can share its Attestation of Compliance certificate with companies that need proof of PCI certification status for their compliance obligations.
E-commerce and website operators with mandated PCI compliance can now take advantage of the best application delivery service available, knowing they will continue to satisfy the strict information security requirements of PCI DSS.