Linx Audited for PCI DSS

2023: Obtaining PCI DSS 3.2.1 Certificate of Compliance

Provider cloudy services and services data center Linx confirmed the full compliance of the cloud platform DPC and the requirements of the Payment Card Industry Data Security Standard 3.2.1 () PCI DSS for this category. This is IT infrastructures a check of the processes storages data bank cards and customer processing of the company. Linx undergoes PCI DSS recertification annually. Linx announced this on January 31, 2024.

Experts of the consulting information security company Compliance Control Ltd conducted a comprehensive QSA audit of the organization and confirmed its full compliance with the requirements of the standard for cloud providers and data centers.

The PCI DSS International Payment Card Data Security Standard is designed to provide protection against unauthorized access to user payment data that is stored, transmitted and otherwise processed in organizations.

A company applying for PCI DSS certification must demonstrate a high level of security information in systems at the physical, application, and network layers of the infrastructure. Mechanisms for controlling access to data, logging authentications events and actions are being checked, - said Georgy Belyakov, head of information security at Linx.

In addition, high-quality information security monitoring of the information infrastructure is needed. The company's organizational measures for data protection, as well as related reporting documents, are also subject to verification.

Comprehensive customer security is an ongoing priority for Linx. Despite the withdrawal from the Russian market of Visa and MasterCard, PCI DSS certification is still an important factor for us, since the Mir payment system security program also defines the need to comply with this standard. To confirm the high level of measures we are implementing in the field of information security, we regularly attract independent certification organizations, "Georgy Belyakov emphasized.

According to him, the independent examination of Compliance Control Ltd showed that when providing customers with digital cloud IaaS services Linx Cloud and data center infrastructure Linx Datacenter provider , it provides reliable protection and confidentiality of client payment data.

2021

PCI DSS Compliance Confirmation

Linxdatacenter confirms compliance with PCI DSS requirements. The company announced this on October 21, 2021.

Linxdatacenter's physical, virtual and network infrastructure, software and security systems were audited by Compliance Control Ltd.

The PCI DSS certificate confirms the high level of security of IT the company's services, including virtual solutions (), IaaS in terms of tasks, storages processing and transmission. data payment cards PCI DSS requirements are aimed at, information protection unauthorized access to which can lead to loss of privacy and money.

Linxdatacenter's practice relies on the annual PCI DSS certification of data centers in Moscow and St. Petersburg, including both the hardware and the cloud deployed on it.

According to forecasts of the international consulting company The Boston Consulting Group (BCG), the volume of card payments in Russia will grow at a rate that exceeds similar dynamics in the USA, Great Britain and Germany. At the same time, the average annual growth rate of transactions in Russia, according to analysts, will be 12%, and the amount of payments will increase by an average of 9%.

In general, for the period from 2010 to 2018, our country recorded a 30-fold increase in the volume of non-cash card transactions. In 2020, BCG included Russia in the top 5 leading countries in the dynamics of adapting private settlements to non-cash form during a pandemic.

As of October 2021, a high level of security of infrastructure and services is a prerequisite for the successful development of a commercial data center. Regular audits conducted by certification organizations give the company an independent assessment of the measures we are implementing in the field of information security, "said Georgy Belyakov, head of information security at Linxdatacenter.

Certification of the cloud platform of the data center in Moscow for UZ-2

Linxdatacenter on May 27, 2021 announced that it had completed certification of the cloud platform of the data center in Moscow. The platform officially meets the requirements for the IT infrastructure to ensure the second level of personal data security (UZ-2).

By passing the qualification, Linxdatacenter confirmed the competencies in the field of working with personal data in accordance with the requirements of the 152-FZ.

The level of security determines what personal data (PD) is supposed to be protected from in the information system. The level of security is influenced by the type of personal data - special, biometric, public and other; belonging to employees or non-employees of the PD operator; the number of PD subjects is more or less than 100 thousand.

The type of current threats formulated in the Decree of the Government of the Russian Federation of November 1, 2012 No. 1119 is also important. Thus, threats of the first type are associated with the presence of undocumented (undeclared), i.e. hidden capabilities in system software used in the information system (IS).

Threats of the second type imply the presence of the same capabilities in the IC application software. The third type is all risks that are not associated with the presence of undeclared capabilities in system and application software.

UZ-2 certification will allow the company to increase the level of customer security and expand the range of services provided within the framework of personal data processing projects.

"Cybersecurity remains an extremely important area of ​ ​ development of service providers due to the emergence of new types and models of threats. For customers, working with PD tasks according to UZ-2 requirements in our cloud greatly simplifies the passage of costly and long-term certification and certification procedures for a secure IT infrastructure, "said Georgy Belyakov, Linxdatacenter information security specialist.

Linxdatacenter is conducting system work to improve the security of data storage, processing and transmission systems in data centers. Two years ago, the company received an FSB license to work on data encryption.

Obtaining ISO 22301:2019 certification

The Linxdatacenter data center in St. Petersburg has passed BSI certification for compliance with the requirements of the international standard ISO 22301:2019 remotely. BSI announced this on March 25, 2021.

Linxdatacenter data center became the first data center in Russia certified by the international auditor company BSI according to the ISO 22301:2019 standard.

A feature of the certification project was the remote audit format combined with the use of augmented reality (AR) technologies and smart glasses. In a pandemic, it was possible to organize the certification process and ensure the full immersion of the auditor in work without leaving the data center. The BSI auditor from his office could observe the implementation of processes in real time, and Linxdatacenter specialists on secure direct broadcasting channels could transmit data to the virtual and augmented reality platform for verification by BSI experts.

ISO 22301 Business Continuity is a recognized international standard that provides for the requirements for the management system in order to protect the organization from interruptions in its activities, reduce their likelihood and provide conditions for operational recovery.

This is the first ISO standard based on the High Level Framework (HLS) to be harmonized with other globally recognized management system standards as of March 2021, such as ISO 9001 quality management and ISO/IEC 27001 information security management.

The pandemic, affecting companies around the world, has caused an increase in business continuity requirements critical to business continuity. This is what was emphasized in the update of the standard to ISO 22301:2019, which was certified by the Linxdatacenter data center.

In particular, it focuses more on planning changes to the business continuity management system, more clearly outlines a continuity strategy, and compliance plans provide a clear indication of how to assist specialist teams that address violations.

{{quote 'Obtaining ISO 22301:2019 meets our strategy in the field of compliance with the best world practices and requirements for the data center management system. ISO is the basic element in the certification system of any serious international business, a mark of the quality of the company's work, understandable to the entire business community. The certification of the data center for compliance with Business Continuity requirements in the interpretation of the best international specialists of BSI was the result of many years of work to improve the operational management of the site, noted by leading industry institutes and organizations, - comments the head of Linxdatacenter in St. Petersburg Taras Chirkov.}}

Linxdatacenter ISO 22301 certification demonstrates that the organization has processes and procedures that help to reliably protect against failures, reduce the likelihood of their occurrence, prepare for them, respond to them and recover if they occur. The certification will give the company's customers confidence that Linxdatacenter is using best practices and will ultimately help improve the sustainability of its business, adds Gigi Information security EMEA Robinson, head of product and business continuity for BSI regions.

2020: PCI DSS Compliance Confirmation

On October 28, 2020, the company, Linxdatacenter an international expert in the field of high-tech solutions storages and processing, and data, cloud services telecommunications confirmed full compliance with the requirements of the Payment Card Industry Data Security Standard 3.2.1 for cloud providers and. data centers

The PCI DSS certificate confirms the high level of security and reliability of the company's IT services, including virtual solutions (IaaS). The audit conducted by Compliance Control Ltd evaluated the entire physical, virtual and network infrastructure of Linxdatacenter, software and security systems. Independent experts investigated organizational and technical security measures implemented within the framework of cloud services and equipment placement services, as well as related documentation.

PCI DSS provides security requirements for holder data. payment cards The requirements are aimed at, information protection unauthorized access to which can lead to a loss of privacy and money. In accordance with these requirements, systems are evaluated at the information protection physical and application level, network infrastructure security, data access control and mechanisms, authentications event and action logging, information infrastructure security control, and much more.

Previously, the Linxdatacenter data center infrastructure To Moscow in and, St. Petersburg including the rooms of the machine rooms, access control systems and, video surveillances has already been certified for compliance with the PCI DSS standard. As a result of this certification, cloud services are also included in the list of company services that fully meet the requirements of the standard.

The PCI DSS audit demonstrated that Linxdatacenter IT solutions provide strong data protection and privacy and can be used by our customers to process payment card data. We have received confirmation of the high degree of security of our products and the ability to meet the requirements of big business, "says Georgy Belyakov, information security specialist at Linxdatacenter.

2018

ISO Compliance Confirmation

As of December 11, 2018, Linxdatacenter, an international expert in the field of high-tech data storage and processing solutions, cloud services and telecommunications, announces the confirmation of compliance with ISO 9001:2015 and ISO/IEC 27001 standards, as well as the change of the certification organization on audit procedures related to ISO.

The company's partner in this area was the British Standards Institution (BSI).

Linxdatacenter's cooperation with BSI on ISO certification is another step taken by the company to build sustainable business processes of the organization and further independent certification.

Up to this point, the ISO certification procedure for Linxdatacenter was handled by companies based in the EU and not constantly working in Russia, but as Linxdatacenter's business developed in Moscow and St. Petersburg, it was decided to transfer ISO audit tasks to Russia. One of the key requirements in addition to the authority and experience of the certification organization was the ability to conduct all the necessary audit procedures in Russian and English. This is due to the international status of the company and the mandatory maintenance of all operational documentation in two languages. The only organization that was able to meet the necessary criteria was the Russian representative office of BSI.

In the summer of 2018, Charles Corry, secretary of the BSI ISO technical committees, visited the company's data center in St. Petersburg. He praised the focused work of Linxdatacenter employees to ensure compliance with industry standards and information security standards. As of December 2018, BSI auditors confirmed full compliance of the Linxdatacenter management system with the requirements of ISO 9001:2015 and ISO/IEC 27001:2013.

author '= Taras Chirkov, head of the Linxdatacenter data center in St. Petersburg ' We were able to demonstrate to BSI the ability in practice to implement the concept of continuous improvement ("continuous improvement") in relation to data centers. BSI's approach to certification differs dramatically from other auditors in that the organization is engaged not only in formal verification of compliance, but also constantly works on the development of standards through dialogue with companies. We hope that the feedback we gave to BSI following the certification on data center management will be useful in the organization's further work to improve ISO standards.

Certifying version 3.2

On March 23, 2018, it became known that Linxdatacenter confirmed PCI DSS version 3.2 certification. for the data center in St. Petersburg.

PCI DSS (Payment Card Industry Data Security Standard) is designed to ensure the security of processing, storage and transmission of data about payment card holders in information systems of companies working with international payment systems Visa, MasterCard and others.

Linxdatacenter Data Center in St. Petersburg. Photo: hosting.kitchen

In Russia, compliance with the PCI DSS standard has become mandatory since 2007. Therefore, companies that process and store information about payment card holders and work with international payment systems are required to be certified annually for compliance with PCI DSS requirements. This certification is not mandatory for data centers, but is important for financial institutions - clients of data centers, as it means the reliability of the data center in terms of information security, including physical security.

The certification audit was conducted by Digital Security, which has PCI QSA status. The certification process was carried out in 2 stages: Analysis and systematization of the description of data center security systems, analysis of regulatory and administrative documentation, analysis of the topology of the network and software and hardware, and other actions in accordance with the methodology. At the second stage, a certification audit and report preparation were carried out.

"We are working systematically to improve the reliability and information security of our data center. PSS DCI certification is an independent expert confirmation of the data center's compliance with global safety standards. " 'Taras Chirkov, head of the Linxdatacenter data center in St. Petersburg '