Croc it is certified on compliance to requirements of PCI DSS

2017

On November 30, 2017 the Croc company announced certification of a cloud on compliance of PCI DSS — to the standard of the industry of payment cards which is comprehensively regulating questions of the information security (IS).

Now customers Croc — financial institutions, online retail, providers and other companies accepting bank card payments from clients via the websites — can be sure that they transfer the services to the cloud platform protected on the international standards with double guarantees of fault tolerance.

Preparation of a cloud platform, including DPC, virtual infrastructure and processes of operation under requirements of PCI DSS took more than one year. The cloud Croc is as a result improved: audit of all its components is carried out, special attention is paid to network mechanisms.

Obtaining the certificate is important also for those customers who do not perform on cloud resources Croc processing of payment cards. The list of requirements of the standard covers practically all spheres of security that allows "remove" the arising questions of Information Security Services of customers to a cloud platform and facilitate making decision on moving to a cloud Croc.

"The cloud Croc is a product which has no analogs in the Russian market as is our own development. It easily adapts to business challenges of big customers which transfer systems providing core-business. Distinctive characteristics of cloud services — the maximum degree of security of data, the highest performance, fault tolerance provided with a geographically-distributed structure of the platform a set of services which we render on its basis and also individual approach and the qualified, available support in mode 24х7 is our competitive advantages". Maxim Berezin, development director of cloud services of Croc company

"We book certified audits on compliance of PCI DSS about 9 years, but it is necessary to certify a cloud platform of such rank and scale to us for the first time. Employees Croc showed strong knowledge in information security field and within support of the cloud solution, ensuring its security, and in processes of safe software development". Andrey Gayko, QSA auditor, associate director of Digital Compliance

2015

On November 9, 2015 it became known of project completion of audit of virtual data center of CROC on compliance to the standard of security of PCI DSS (Payment Card Industry Data Security Standard). Audit of DPC the Digital Compliance company custom-made Platbox companies - it transferred the system of processing to DPC of CROC.

Project Tasks

At placement of the processing systems in a public cloud, according to the international standard of security of the PCI DSS payment cards (Payment Card Industry Data Security Standard), the provider of digital infrastructure should provide the relevant activities for data protection and guarantee security of information environment.

Office "Croc" (2014)

Project Results

According to the results of audit the CROC company received the recommendation of transition to two-factor authentication (2FA) at access to a self-service portal by means of which cloud customers manage computing resources.

2FA allows to reach the additional level of protection and to secure clients against unauthorized access to cloud resources, offering verification in two stages. In case of interception of the password or loss by the administrator of the customer of the notebook with entered earlier this, access to the portal will be complicated.

Specialists of provider implemented the recommendation of auditing company within one week.

"Experience of certification on the PCI DSS standards opens for us new opportunities for providing cloud services to other players of the market of payment systems and also in the long term will help to simplify organizational issues at transfer of the processing systems in a cloud for future customers. Infrastructure of our cloud is ready to migration of such customers and providing the required security level of payment these clients" — Maxim Berezin, the head of virtual data center of CROC told.

"To the company to CROC we were a minimum of notes. It uses the reliable equipment and the certified means of protecting. Responsibility of participants is fixed in strict SLA. It says about the high level of management of CROC, reliability of cloud services and following of the company to the international standards" — Pavel Fedorov, the managing partner of Digital Compliance reported.