GigaCloud was the first Ukrainian cloud operator to receive a certificate of compliance with the PCI DSS information security standard.
PCI DSS is an international standard that regulates the information security of payments. It was developed in 2005 by the Payment Card Industry Security Standards Council. Visa, MasterCard, American Express, JCB and Discover initiated the creation of the Council.
The PCI DSS certificate must be obtained by companies that accept, transfer or store the data of international payment cards: primary account number (PAN), cardholder’s name, validity period and service code. Such companies are divided into two groups: trade and service companies, and service providers. GigaCloud belongs to the second group.
“As a cloud operator, we must not only ensure the stable operation of our clients’ IT services, but also reliably protect their critically important data,” says Artem Kokhanevich, CEO of GigaCloud. “In 2016, we obtained the ISO 27001 international information security certificate. Since that time, GigaCloud has been annually audited for information security, and each time it improves its IT security level according to the results of such an audit. The PCI DSS certificate is another confirmation that we provide clients with a reliable infrastructure, and the security of their processes and data is at the highest level.”
PCI DSS consists of six control zones and contains 12 basic requirements for the processing and transmission of critical data. Each requirement is divided into 20-30 more detailed ones. In total, there are approximately 260 conditions.
For a company, meeting all of them on its own is a long, laborious and expensive process. It can take years. If the company is hosted in a PCI DSS-certified cloud, the audit period and the cost of organizing an adequate level of data protection are reduced many times over. GigaCloud received a first-level certificate. This allows companies that conduct more than 300,000 transactions per year to be hosted in our cloud. Our company is responsible for the following:
- control of access to information resources and infrastructure;
- network shielding;
- protection against all types of unauthorised access;
- regular infrastructure scanning to identify potential threats and vulnerabilities;
- backup copies of disks of virtual machines;
- infrastructure administration in accordance with the PCI DSS requirements.
By the way, the GigaCenter data centre, which together with GigaCloud is part of the GIGAGROUP group of companies, also underwent PCI DSS certification at the same time as GigaCloud did.
The certification was carried out by the IT Specialist company. Anatoliy Zhuravlyov, director of the audit and information security certification department of the IT Specialist company, said: “We have extensive experience in conducting PCI DSS compliance audits in Ukraine, the CIS countries, and Europe. We know how information security processes are organized in many fintech companies and banks. We have something to compare with and we can say with confidence that all processes related to information security in GigaCloud and GigaCenter are organized at a high level. The inconsistencies found during the audit were related only to the specifics of the requirements of the standard; there were no critical remarks.”