Focus on your core business
Outsource PCI DSS tasks to professionals
PCI DSS is an information security standard for organizations handling credit card data. The standard was created to increase controls around cardholder data and to reduce fraud.
Customers can outsource most of the stringent PCI DSS tasks and requirements to us. We operate customer workloads within our PCI process framework according to a shared responsibility model.
With this model, our customers can concentrate on their core value-adding business processes and outsource the bureaucracy and maintenance required by the PCI DSS process to us.
The Poplatek Managed PCI DSS hosting service has been productized so that it provides two main approaches for co-operation between us and our customers.
The approaches differ with regard to PCI responsibilities and thus have different hosting models:
- Application development, maintenance, and operations are fully outsourced to us. We are responsible for developing the respective applications from a software development perspective.
- The customer is responsible for application development, but hosting of the application is outsourced to us.
When the customer outsources both the software development project and maintenance and operations to us, all the related activities fall into our PCI scope, and thus the customer has very limited responsibilities.
If the customer develops the application and outsources the operation and monitoring to us, the PCI responsibilities will be shared according to the responsibility matrix. In this case our customer has to be PCI DSS certified.
This service has many benefits. Our customers can shorten the time to market for new digital solutions requiring PCI compliance. Due to our highly automated service, cost savings are significant as our customers don’t need to attract, train, and maintain internal competencies for PCI-related matters.
What this service includes:
- Service manager – single point of contact for continuous development
- Extensive support – fast response times directly from domain experts
- Test and production environments
- Round-the-clock monitoring of the applications & workloads
- Holistic security approach
- Logging, monitoring, and alerting
- Training on secure software development
- Guidance on meeting PCI DSS requirements