DataSpace meets PCI DSS 4.0 requirements

2024: PCI DSS 4.0 Qualification

DataSpace was audited and certified for compliance with the international PCI DSS 4.0 security standard, which establishes mandatory requirements for the required level of security of payment systems. The company announced this on September 24, 2024. These requirements are mandatory for implementation and implementation by organizations that store, process and transfer payment card data, as well as organizations that have the possibility of influencing the security of payment card data. DataSpace has been undergoing an annual independent audit for PCI DSS compliance since 2018.

PCI DSS version 4.0 sets out significantly more stringent requirements, with increased emphasis on ensuring continuous monitoring of incidents, monitoring and eliminating newly emerging potential risks - on a regular basis. Serious changes affected the provision of physical security and relevant organizational measures. In particular, now, at least once a year, it is necessary to analyze the physical security of information and backup locations, maintain an up-to-date and timely update the list of information infrastructure components and configuration standards, regularly analyze payment card data flows within the organization and when exchanging with third parties, control network segmentation, etc.

Ensuring the level of protection required by the standard is achieved by the availability of necessary and sufficient competencies of personnel, implemented measures, processes and procedures based on a risk-oriented integrated approach to safety. Many years of practice, mature processes and specialized competencies of DataSpace are confirmed by the external independent Russian auditor - DialogueNauka.

In accordance with our strategy, we adhere to an integrated approach to ensuring the physical and information security of all customer resources located at our sites, "said Kirill Pavelyev, Vice President of Technology at DataSpace. "Therefore, we not only regularly bring new services in demand to the market, but also help customers integrate them into a single secure environment, no matter what tough security requirements are imposed.

2021: PCI DSS 3.2.1 Audit

DialogueNauka, a system integrator in the field of information security, conducted an annual audit of DataSpace for compliance with the PCI DSS 3.2.1 standard. For the seventh time, the DataSpace data center has successfully passed the annual PCI DSS 3.2.1 certification, confirming the level of security required by the standard for placing payment systems. This was reported on April 28, 2021 in DialogueScience.

DataSpace is an operator Commercial Data Center in Russia that provides a guaranteed level of services and a high level of reliability and security for the deployment of critical IT infrastructures the Russian and international companies. DataSpace in its activities is guided by international standards, including when choosing partners consulting and companies.

Many years of experience in consulting and certification for compliance with the PCI DSS payment card industry data security standard was the main criterion for choosing DialogScience for the audit. As a result of the audit, Dataspace confirmed the availability of all necessary measures, tools and processes that properly meet the requirements of the PCI DSS 3.2.1 standard.

"DataSpace is successfully audited for the seventh time, and during this time we see improvements and updating of procedures taking into account the changing situation, including the need to switch to remote operation, which arose in 2020. Verification of compliance with international PCI DSS requirements showed that DataSpace fully meets the strict requirements for information security of payment systems, and, accordingly, a PCI DSS 3.2.1 certificate of compliance was awarded. We thank DataSpace for choosing DialogueScience as the project executor, we hope to continue mutual cooperation in the future, "said Alexander Krupchik, Business Development Director and Head of PCI DSS at DialogueScience JSC.

2016

In 2016, an audit conducted by DialogueNauka experts confirmed the compliance of physical security measures, access control policies and the depth of video surveillance systems archives with the updated requirements of the PCI DSS version 3.1 standard.

2015

On April 29, 2015, it became known data center DataSpace1 that the certification procedure and the receipt of a certificate of compliance with the standard had been completed. PCI DSS V.3 Certification DPC DataSpace1 was carried out by the company "." DialogNauka^[1]

achievement confirms that the DataSpace1 data center meets the high security requirements of the payment card industry," said Kirill Pavelyev, vice president of technology at the company. "Having DataSpace1 PCI DSS certificate will make life much easier for our customers in the payment systems and financial sector."

Data Center Building, 2014

PCI DSS describes the rules for ensuring the security of information about payment card owners when processing, transferring or storing it. It was developed by the PCI DSS board, which included companies such as Visa, MasterCard, JCB, American Express and Discovery. The presence of a PCI DSS certificate at the data center ensures that customer data is protected from potential fraud or theft of information during transactions.

Notes