Datacenter.com has achieved third-party confirmed compliance with the PCI DSS 3.2 and ISAE3402 standards. The certifications ensure that Datacenter.com has enterprise-grade controls in place to protect payment data while safeguarding the effectiveness of its internal control system (ICS) as a service organization and global provider of professional ICT outsourcing solutions.
The PCI DSS (Payment Card Industry Data Security Standard) certification would be an important accreditation for financials and ecommerce merchants colocated at Datacenter.com’s Amsterdam premises. The PCI DSS 3.2 standard provides a set of policies and procedures intended to assure Datacenter.com customers that their card data and financial transactions within this colocation data center environment in Amsterdam are being protected at all times.
ISAE3402 is the internationally acknowledged outsourcing standard for service organizations. It provides Datacenter.com customers with the assurance that their (sensitive) data is protected properly and adheres to stringent privacy guidelines. It also addresses risk management capabilities as well as anti-fraud measures, taking into account the risks identified.
Datacenter.com’s third-party compliance validation for these PCI DSS and ISAE3402 certifications did not require any additional adjustments when being finalized, said Jouke Albeda, security & compliance manager at Datacenter.com, mainly due to his previous working experience as an IT auditor for EY and BDO. “As an IT auditor for multiple consulting firms, I’ve conducted many IT audits including ISAE compliance for companies within the data center industry,” said Albeda. “Now that I’m operating on the client-side, my comprehensive IT audit experience comes in handy and it didn’t take us that much effort to help our AMS1 facility in Amsterdam successfully prepare for these compliance audits.”
Data Lifecycle Management Compliance
As Datacenter.com’s management team is placing great emphasis on compliance and security efforts, one of their first hires was actually Albeda, who as a compliance, privacy and security expert is driving Datacenter.com’s robust compliance management strategy.
“My comprehensive IT auditing experience allows us to go the extra mile for our customers when it comes to their compliance requirements,” added Albeda. “With regards to PCI DSS for example, you first have to define a scope to which the PCI DSS controls may apply. Upon defining your scope, you have to apply all security controls in the standard to the contained environment you have defined. Needless to say that an extensive PCI DSS scope will normally result in a more complex compliance trajectory that is harder to achieve. Not in our case. We chose to even include customer data lifecycle management in our PCI DSS compliance scope.”
So for Datacenter.com, achieving the PCI DSS compliance certification means that the company now even has third-party accreditation for securely processing customers’ data carriers. “As a pure-play colocation provider we’re purely focused on delivering colocation data center services, we don’t do cloud for example,” said Jochem Steman, CEO of Datacenter.com. “We do carefully listen to the needs of our customers though, including CSPs, enterprises, broadcasters and online gaming providers. Providing our colocation services on-demand with month-to-month contracts is an important asset within our product portfolio. It caters to the needs of cloud providers and enterprises alike. We also expect data lifecycle management to be quite an interesting service, as it unburdens our colocation customers helping them to protect their data end-to-end.”
PCI DSS includes a set of security standards created in 2004 by Visa, MasterCard, Discover, and American Express. ISAE3402, which prescribes Service Organization Control (SOC) reports, was developed by the IAASB (International Auditing and Assurance Standards Board) and first published in 2011. As Datacenter.com’s Security & Compliance Manager, Albeda is not only focused on maintaining these compliance accreditations. Other certifications already achieved or planned include ISO27001, ISO14001, ISO9001 and Uptime Institute.