The Bunker achieves highest level of PCI DSS certification
The Bunker, provider of Ultra Secure Managed Hosting, Cloud Computing, Colocation, and Outsourced IT services from within Europe’s most secure data centres, is pleased to announce that it has achieved certification on all 12 of the Payment Card Industry Data Security Standard (PCI DSS) requirements at both of its data centres. This makes it one of the few organisations able to offer a full end-to-end PCI DSS service based on pre-certified components.
Achieving this significant milestone means that The Bunker can deliver PCI DSS certified credit card payment processing solutions more quickly and with more flexibility than other service providers, which are typically already certified against only two of the 12 requirements.
Last year The Bunker embarked on an intensive programme to upgrade its PCI DSS status to “Managed Services” and to bring its Newbury facility within scope. This means that an independent Qualified Security Assessor (QSA) has pre-certified all of the components required, making the deployment and ongoing monitoring of client systems a much more straightforward process that does not need to be designed from scratch every time.
Any business that stores, transmits or processes credit card data must comply with the PCI DSS. The standard comprises of 12 requirements which in turn break down into over 200 sub requirements and cover all aspects of an environment from network security, build standards and encryption, through to your organisation’s policy and processes for change management, access control and monitoring. Complying with the standard can often be confusing and time consuming for a business, and outside of its core business focus. Achieving the certification however is not optional, and the penalties from credit card issuers and the Information Commissioner’s Office can be severe.
The Bunker’s experience with many PCI DSS certifications allows it to advise clients on the most appropriate roles and responsibilities, ensuring that all required tasks are dealt with by the most appropriate party, and that nothing gets overlooked in this highly complex certification environment. It hosts and manages a range of services for its PCI DSS certified clients, with services ranging from colocation through to fully managed, monitored and audited systems for customers including Moneybookers, Commidea and Anderson Zaks.
The majority of data centres within Europe and the US which offer PCI DSS related services typically only conform to requirements 9 and 12 (recognised as “Hosting Provider” status on the Visa list of validated service providers) and do not often have the ability to provide a full end-to-end PCI DSS service based on pre-certified components. Having achieved an Attestation of Compliance for all of the 12 PCI DSS requirements The Bunker is now in the top tier of PCI DSS Service Providers which clearly demonstrates The Bunker’s professional approach and focus on the physical, digital and human aspects of security.
Peregrine Newton, CEO said, “I’m delighted to be able say The Bunker is one of a small number of organisations to be able to boast such an achievement. This confirms The Bunker’s position as the leading provider of PCI DSS certified solutions. Many organisations provide 2 of the 12 requirements, but to have all 12 requirements pre-certified offers our clients a lower risk, lower cost route to certification with the flexibility needed to augment their existing capabilities.”
“Complying with all of the requirements was no small undertaking, but with the assistance of our Qualified Security Adviser (QSA) partner Convergent Network Solutions, we can now take responsibility for as much or as little of this very complex compliance requirement as our clients wish, allowing the customer to focus on what they do best.”
Kevin Dowd, Director of Security Assessment, CNS added, “The Bunker has successfully demonstrated that it’s processes, systems, policies and procedures comply with the relevant requirements of the PCI Data Security Standard and, as such, has attained the Managed Services provider accreditation. The Bunker can now provide a comprehensive PCI DSS compliant environment to its customers seeking PCI DSS compliance as a merchant.”
Achieving the PCI DSS certification on all 12 requirements at both its Kent and Berkshire data centres is part of The Bunker’s ongoing commitment to security standards. Both data centres are also ISO27001 certified, and connection to the NHS National Network (N3) has recently been reapproved. “The Bunker will add more security standards to its list of accreditations as we expand into new markets. Security is in our DNA,” concluded Newton.
About The Bunker
The Bunker delivers Ultra Secure Managed Hosting, Cloud Computing, Colocation, and Outsourced IT services from within Europe’s most secure data centres.
Our data centres, which are outside the M25 yet within easy reach of London, are military-grade nuclear bunkers purpose built to house the UK’s air defence systems. We run 24/7/365 – our NOC monitors systems both nationally and internationally and is staffed around the clock by system and network engineers and security staff. The Bunker is ISO 27001 accredited and PCI DSS certified and follows ITILv3 best practice and PRINCE2 project management standards.
Our clients are health service, financial services organisations, technology companies, government and other regulated businesses that value a premium service built around security.
For more information visit www.thebunker.net
