Leading Irish Data Centre operator Servecentric recently announced that they have been accredited as a PCI-DSS 3.2 Compliant Service Provider.
To find out more about what this means for their clients, we caught up with Servecentric’s Commercial Director, Brian Roe.
Why did Servecentric decide to become PCI-DSS compliant?
Primarily, we knew informally that we have been PCI-DSS compliant for some years now, so it’s really the audit and ratification process that we had to go through. Our business is built on providing highly available Data Centre services to clients, and security is a key element of this. To this end, in conjunction with the ISO9001 and ISO20000 standards, we were already ISO27001:2013 certified. This certification relates to Information Security Management, and there is a lot of common ground with PCI-DSS.
To answer your question, our company provides services to organisations across the globe, particularly in the US, and ISO 27001 is more broadly recognised in Europe than in the US. We also provide services to a number of clients who are dealing with Payment Card data. Being independently assessed as PCI-DSS compliant helps in both of these scenarios as it is a global standard. We have certainly been asked the PCI-DSS question on a number of occasions in the past couple of years – now we have the answer!
Was the process difficult?
For us, the process was reasonably straightforward. Again, most of the groundwork was covered by our current processes, so we just needed to scope the project (for example, Servecentric does not operate handheld credit card readers, so this would be out of scope). Once this scoping exercise was completed, we ensured our existing processes, procedures and corresponding documentation were aligned with the PCI-DSS requirements and then engaged a QSA (Qualified Security Assessor) to guide us through the process and to validate our Self Assessed Questionnaire (SAQ). We engaged Ward Solutions, one of Ireland’s leading Information Security Providers, who provided the expertise to see the project through.
Did the project take long to complete?
No. Once we decided to go down this route, things moved pretty quickly. As we had most of the processes already in place, we were able to get the initial workshop and review carried out, followed by completion of scoping and final validation. The whole process took less than a month from start to finish.
So what’s next for Servecentric?
Well, we’re not relaxing after this! We have a very successful colocation, connectivity and managed services business, backed by a strong, 24 x 7 x 365 onsite technical team. To complement these services, we are going to release a fully managed, self-service cloud platform that will deliver scalable, high-performance compute and storage solutions for our clients. We are on target for release in July, so watch this space!
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. Servecentric has been independently audited by a QSA (Qualified Security Assessor) to be PCI-DSS 3.2 compliant.