Creating a culture of assurance.
As more services digitise, more organisations need to offer credit card payments.
DigiPlex now has PCI/DSS certification for all its data centers. This important standard, created by the credit card companies, provides an enhanced level of assurance for our customers to store their customers' credit card transaction data on servers in our facilities. But, whilst important, certifications for their own sake don’t add much value. Instead, DigiPlex is focused on creating a culture of assurance that anticipates customer needs and creates the right foundations to support their growth by helping them meet the emerging requirements of their customers. As more services digitise, more organisations need to offer credit card payments. Our PCI/DSS certification across our estate helps our customers meet the requirement to secure cardholder data and so support the growth of their customers.
Achieving PCI/DSS compliance means that we must prove the physical security of our facilities. This includes our ability to:
- Allow only authenticated individuals to access servers, and distinguish between legitimate parties and other visitors to prevent unauthorised access to areas where credit card data is hosted.
- Continuously monitor the areas where cardholder details are stored.
- Ensure physical protection and prevent removable media (such as USB drives) from being accessed or used with cardholder data.
It is possible to self-certify to meet these requirements, but we have chosen to use a third party, IT Governance Ltd, to provide an entirely independent audit of our capabilities. We do this because although certifications attest to an ability to meet specific requirements, their true value comes in creating confidence for our customers. Using third parties to ratify our compliance adds value and builds that confidence.
This is an important certification, but we challenge ourselves to go beyond specific standards and to think about and then deliver the things that will add value to our customers. We don’t wait for customers to ask for specific standards or certifications. We want to anticipate what they might need and create new levels of assurance that allow them to grow their services and customer base.
PCI/DSS is just one example. As digitalization accelerates and so many aspects of daily life go online, the ability to take credit card payments is increasingly important for more and more businesses. Our PCI/DSS certification assures our customers, cloud service providers for instance, that they can store cardholder data with us and be PCI/DSS compliant. Crucially, this allows them to provide this assurance to their customers – digital businesses of all types – and support them in taking credit card payments. We are a vital part of this value chain and the foundation of trust along it. The assurance we provide helps our customers to grow by offering greater levels of assurance to their customers.
But compliance must not end with a certificate on the wall. We proactively develop confidence and opportunity by providing detailed compliance reports to all of our customers in a timely fashion. Transparency not only builds trust but provides the information that helps our customers develop trust with their customers and so grow. We think of it as a greenhouse effect – providing the environments in which customers can grow their business in our house. Attention to detail is key to creating this assurance culture. For example, most customers report on an annual basis from January to December, so we time our reports to be November to October. This allows customers plenty of time to integrate data and certifications from our reports into theirs.
The more quality information they can add, the more they can leverage our assurance to grow their business. Our go-to-market teams proactively offer detailed insights to help customers win business. Whether this is proof of assurance on security or our sustainability metrics, we want customers to leverage our leadership to win new clients and expand existing customers. Using consistent reports, data and assurance measures across all our sites means that customers can rely on standardised reporting and make site-by-site and year-by-year comparisons, helping with auditability.
PCI/DSS certification adds to our comprehensive assurance credentials, from numerous ISO standards covering information security, environmental management, quality and occupational health, to our unique combination of both SOC1 (for US regulators) and ISAE (for Europe) financial reporting. Customers can be confident that not only does DigiPlex meet all the compliance certifications needed, but that it will constantly work with them to provide the assurance they need to develop their business in our facilities.
Article written by Steven Moir, Compliance and Assurance Director