PCI DSS Compliance Solutions
DataPipe was among the first to achieve Level 1 PCI Certified Service Provider status and is an active member of the PCI Security Standards Council. The PCI DSS provides a definitive set of security requirements for merchants and service providers that store, process or transmit cardholder data.
Our PCI solution is based on industry proven methodologies and best-of-breed service offerings. Our GPCI and CISSP certified professionals designed this solution to meet all PCI service provider requirements.
As a key element of our turnkey solution, we take a consultative approach with clients to ensure that the PCI DSS requirements, and which of them fall to the client and which to the service provider, are clearly understood prior to implementation. We then define a clear plan for merchants to achieve and maintain PCI compliance.
Our turnkey solution includes the following fully managed services: firewall, two-factor authenticated VPN, antivirus / antimalware, intrusion detection, vulnerability assessment and notification, event management, file / system integrity monitoring, change control, patch management, project management, server configuration and management. DataPipe's physical security and policies and procedures meet or surpass PCI requirements and are audited annually by a Qualified Security Assessor. Clients can leverage DataPipe's Report on Compliance to fulfill on-site audit requirements for the controls DataPipe manages on their behalf; controls that remain the client's responsibility must still be assessed separately.
15 Questions for your prospective PCI DSS Service Provider:
- Are you a PCI DSS certified service provider?
- Do you provide clearly defined details of which requirements are my responsibility and which are the service provider's?
- Do you offer a two-factor authentication solution for my employees who require remote access to our solution?
- Do you require your employees to use two-factor authentication when managing our solution?
- Do you offer daily (or automated real-time) log review, and store those logs for the required one-year retention period?
- Do you protect the archived logs from modification via integrity checks and establish a verifiable chain of custody so that they may be used as forensic evidence?
- Do you implement file and system integrity monitoring so you are alerted if any critical system settings or files are altered that result in putting our solution out of compliance?
- Do you follow the four change control procedures required by the PCI DSS specification (document the impact of the change, obtain documented approval from authorized parties, perform functionality testing, and document back-out / rollback procedures)?
- Do you architect our solution into multiple VLANs and configure your network security devices in accordance with the PCI DSS specification?
- Do you offer patch management services to ensure critical security patches are applied within the required 30 days of release?
- Do you have audited policies and procedures which adhere to Requirement 12 of the PCI DSS?
- Do you offer Intrusion Detection, Vulnerability Assessment, and Antimalware services?
- Do you offer penetration testing?
- Does your security staff have CISSP, CISA, CISM, GPCI, SCSA, Security+, and MCSE 2003: Security certifications?
- Do you meet the physical security requirements including 90 days of video retention in your data centers?