Customers: DataLine (Data Line)
Contractors: BSI Management Systems CIS
Product: External IT and Security Audit Projects (PCI DSS and SIS)
Project date: 2015/03 - 2022/01
2022: ISO 27017:2015 and ISO 27018:2019 certification
On February 22, 2022, cloud provider DataLine announced that it had received certification of compliance with ISO 27017:2015 and ISO 27018:2019, the international standards for data security in the cloud.
ISO 27017:2015 governs the security of cloud service provision by the provider. The certification process for this standard assessed compliance with the recommendations and practices for securing DataLine cloud services, as well as the transparency of actions taken with personal data in the cloud. The ISO 27017:2015 certificate applies to the following services of the company: virtual infrastructure (IaaS) based on VMware, Hyper-V and Tionix; platform solutions (PaaS), including Kubernetes; S3 object storage; VDI and corporate e-mail hosting; and information security services: NGFW, WAF, authentication.
ISO 27018:2019, in turn, contains requirements for protecting the personal information of data subjects that customers process in the cloud. To verify compliance with this standard, all the measures described in the document for protecting personal information in the cloud were evaluated. The scope of the ISO 27018:2019 certificate covers the cloud for processing personal data in accordance with 152-FZ (Cloud-152), S3 object storage, virtual desktops (CitrixVDI) and "Cloud Disk", which operates on the basis of Cloud-152.
"ISO 27017:2015 and ISO 27018:2019 are among the few documents regulating information security for cloud services, so confirming compliance with their requirements was an important task for our company. Having received these certificates, we guarantee our customers the security of cloud services and the safety of their personal data at the level of world practices," said Vasily Stepanenko, director of the DataLine cyber protection center.
The new certificates complement DataLine's previously obtained ISO 27001:2013 certificate of compliance for its information security management system.
2021: Certification of additional information security services to PCI DSS requirements
On August 11, 2021, DataLine reported the certification of additional information security services to the requirements of version 3.2.1 of PCI DSS (Payment Card Industry Data Security Standard), the international payment data security standard.
As part of the annual audit, DataLine passed certification for compliance with the PCI DSS standard for new information security services. Two services were added to the portfolio of services for working with international payment systems: the Next Generation Firewall service, which secures the corporate network perimeter, and multifactor authentication (MultiFA), which protects access to corporate applications. The company also confirmed compliance with the standard's requirements for the Cloud-152 cloud infrastructure, which is certified according to the requirements of the Personal Data Act (152-FZ). Other services underwent recertification: S3 object storage, which also complies with 152-FZ, and Web Application Firewall.
The current version of the PCI DSS payment data security standard, 3.2.1, contains detailed technical and organizational requirements whose implementation guarantees the safe processing of payment cardholder data, as well as its transfer and storage in the IT systems of other organizations as part of their business processes.
The DataLine PCI DSS certificate allows companies in the financial industry to use the cloud service provider's virtual infrastructure for their work and be confident in the security of transactions and the preservation of user payment data.
"We not only help our customers ensure the practical security of their infrastructure and critical systems, but also guarantee compliance with the requirements of regulators, including international payment systems. In the future, we plan to continue expanding the portfolio of services that comply with the PCI DSS standard," said Vasily Stepanenko, director of the DataLine cyber defense center.
2020: ISO/IEC 27001:2013 recertification audit
The British Standards Institution (BSI) conducted a full recertification audit of DataLine for compliance with the requirements of the international standard ISO/IEC 27001:2013. The certificate scope includes the OST and NORD sites. DataLine reported this on January 26, 2021.
The audit was conducted according to the list of services:
- Placement of equipment in the data center.
- Lease of virtual resources.
- E-mail hosting.
- Communication services.
- Network security.
- Web application protection.
- Multi-factor authentication.
- Protection against spam.
- Administration of equipment and system software.
- Advising clients on compliance of information systems with standards.
This certificate is valid until January 20, 2024 and retains the same number, IS 577456. This is convenient for customers who reference service provider certificates within their own information security management system.
2015: Two external audits for PCI DSS and ISO/IEC 27001 compliance
At the end of December 2015, DataLine underwent two external audits for compliance with international information security standards: PCI DSS and ISO/IEC 27001. DataLine first passed the PCI DSS audit for its colocation service at the end of 2010 and has since confirmed its compliance with international standards annually.
DataLine is preparing to certify its virtualization services to this standard. The audit is scheduled for 2016, the company said. At the end of the year, DataLine confirmed compliance with ISO/IEC 27001 for the fourth time. The company demonstrated to BSI auditors the effectiveness of its information security management system and the availability of the technological tools needed to protect customer data located in the company's data centers, DataLine said.
As part of the ISO/IEC 27001 audit, the following services and processes were checked: placement of equipment in the data center; provision of communication services to clients; rental of virtual servers; MS Exchange-based mail hosting; protection against network attacks; administration of operating systems, databases and active network equipment; providing customers with access to the equipment located in the data center; processing of customer requests (via support); reporting to customers.