Cogeco Peer 1 PCI DSS Compliance Overview


Cogeco Peer 1 provides Payment Card Industry Data Security Standard (PCI DSS) compliant Managed Hosting in select data centers, facilitated by purpose-built administrative zones within those data centers that serve as a trusted source for customer PCI DSS systems. This enables customers to run a compliant solution, including management of servers, load balancers, firewalls, switches and other components, once it has undergone the PCI DSS Level 1 audit conducted by the customer's Qualified Security Assessor (QSA).

For ordered services that specify PCI DSS Compliance, Cogeco Peer 1 will provide PCI-compliant managed hosting services. For customers, this means the following:

- Solutions will be built in secure physical data center facilities
- Managed patching will be available for services
- Windows antivirus will be available for appropriate services
- Hardened OS builds that meet CIS (Center for Internet Security) benchmarks (1)
- Log monitoring of all administrative infrastructure
- File integrity monitoring of all administrative infrastructure
- Intrusion detection of all administrative infrastructure

(1) In compliance with PCI DSS Requirement 2, Cogeco Peer 1 has developed and documented hardened RHEL 5 and 6 and Windows OS builds that meet CIS benchmarks. The build itself does not form part of the Attestation of Compliance (AOC); each customer needs to confirm independently, and with their QSA if not self-assessing, that the build meets their particular PCI requirements. Cogeco Peer 1 will maintain the build, track changes recommended by CIS and implement them accordingly.
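Footnote (1) puts the burden of confirming the hardened build on the customer and their QSA. The following is an added example of how a customer can do part of that confirmation for the SSH daemon; it is not Cogeco Peer 1's build tooling, and the directives and values it expects are assumptions modelled on common CIS Linux benchmark recommendations for OpenSSH, to be checked against the benchmark version that applies to your build. It handles the sshd_config semantics that a plain grep gets wrong: the first occurrence of a directive wins, keywords are case-insensitive, "Key=Value" is accepted, and settings inside a Match block are conditional rather than global.

```python
"""Check an sshd_config against a CIS-style hardening baseline.

Added example, not Cogeco Peer 1's build or tooling. The expected values
below are assumptions modelled on common CIS Linux benchmark
recommendations for OpenSSH (RHEL 5/6 era); confirm the exact items and
values with your QSA against the benchmark version that applies.
"""
import re


def one_of(*allowed):
    """Directive value must be one of the given strings (case-insensitive)."""
    allowed = {a.lower() for a in allowed}
    return lambda v: v.lower() in allowed


def at_most(limit):
    """Directive value must be an integer no greater than limit."""
    return lambda v: v.isdigit() and int(v) <= limit


# Assumed baseline: directive (lower-cased) -> predicate on its effective value.
BASELINE = {
    "protocol": one_of("2"),
    "permitrootlogin": one_of("no"),
    "permitemptypasswords": one_of("no"),
    "x11forwarding": one_of("no"),
    "maxauthtries": at_most(4),
    "ignorerhosts": one_of("yes"),
    "hostbasedauthentication": one_of("no"),
    "loglevel": one_of("INFO", "VERBOSE"),
}


def parse_sshd_config(text):
    """Return the effective directive -> value map for the global section.

    The FIRST occurrence of a directive wins and later duplicates are
    ignored; keywords are case-insensitive; 'Key Value' and 'Key=Value'
    are both accepted; directives under a Match block apply only
    conditionally, so they are not counted as the global setting.
    """
    effective = {}
    in_match = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True
            continue
        if in_match:
            continue
        effective.setdefault(key, value)
    return effective


def check_baseline(text, baseline=BASELINE):
    """Return (directive, effective_value) for every baseline item not met.

    A missing directive is reported as well: sshd then falls back to its
    compiled-in default, which is not evidence of a hardened build.
    """
    effective = parse_sshd_config(text)
    findings = []
    for directive, ok in baseline.items():
        value = effective.get(directive)
        if value is None or not ok(value):
            findings.append((directive, value))
    return findings


# Constructed sample, not a real host's configuration.
SAMPLE_SSHD_CONFIG = """\
# sshd_config (constructed sample)
Protocol 2
PermitRootLogin yes
# the line below is ignored by sshd: first occurrence wins
PermitRootLogin no
MaxAuthTries=6
PermitEmptyPasswords no
IgnoreRhosts yes
HostbasedAuthentication no
LogLevel INFO
Match User backup
    X11Forwarding no
"""

if __name__ == "__main__":
    for directive, value in check_baseline(SAMPLE_SSHD_CONFIG):
        print(f"FAIL {directive}: {'not set' if value is None else value}")
```

On the sample the check reports PermitRootLogin (the first, permissive, occurrence is the one sshd uses), MaxAuthTries (6 exceeds the assumed limit) and X11Forwarding (set only inside a Match block, so not globally). Run it against the provider's build image before the QSA does.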

PCI-Compliant Managed Hosting

What Cogeco Peer 1 delivers as part of PCI-Compliant Managed Hosting:

- All policies governing activities up to the point that services are turned over to customers, in order to comply with current PCI DSS requirements.
- Temporary passwords for PCI compliant services are provided to customers by phone when services are turned over, and customers are required to change those passwords immediately.
- All access to customer systems by Cogeco Peer 1 is encrypted and protected by two factor authentication, with all access logged and monitored.
- Penetration and vulnerability testing of the administrative infrastructure occurs on a regular basis.
- All internal infrastructure in scope for PCI is kept up to date with system patches.
- All drives from PCI compliant systems, including SAN drives where applicable, are wiped or destroyed upon decommissioning.
- Cogeco Peer 1 will monitor PCI systems by ping and port check, but will not perform any action that requires logging into a customer system, as customer passwords are not stored at Cogeco Peer 1.
- Cogeco Peer 1 will attempt to contact the customer upon successive ping or port check failures, to assist in remediating the condition causing the failure.
- Cogeco Peer 1 will document, maintain and update the functional and security configuration standards of the repositories for relevant supporting systems used by standard services and/or servers purchased by the customer as a value added service. The customer is free to patch from other sources if these are not available or where they have a business requirement to do so.

Available Datacenters

PCI compliant managed hosting is available in the following Cogeco Peer 1 datacenters:

- Atlanta
- Miami
- Los Angeles
- Portsmouth
- Toronto

Customer Responsibilities

- Customers are ultimately responsible for understanding and meeting their acquiring financial institution's or payment card brand's specific PCI requirements.
- Customers are responsible for completing all compliance documents required by their acquiring financial institution or payment card brand, including any self-assessment questionnaire.
- Customers are required to change their passwords immediately upon receipt of service from Cogeco Peer 1.
- Customers must obtain user-level certificates for use with two factor authentication, and only access their systems with two factor authentication.
- Customers must encrypt their application data, in line with PCI DSS requirements, and manage their own encryption keys.
- Customers are responsible for reviewing security bulletin patches and ensuring that any recommendations applicable to their environment are reviewed and implemented as necessary.
- Customers must accept and apply regular system updates, in line with PCI requirements.
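The monitoring commitment above has a shape worth being precise about: the provider probes from outside without credentials, and escalates only on successive failures. The following is an added example of that logic, not Cogeco Peer 1's monitoring system; the failure threshold of 3, the probe timeouts and the target address are assumptions. It escalates once per outage (not on every later failed cycle) and reports recovery, which is the behaviour that keeps a "contact the customer" rule from becoming either a false alarm on one dropped probe or a page storm during a real outage.

```python
"""Ping/port-check monitor with successive-failure escalation.

Added example, not Cogeco Peer 1's monitoring system. Probes each PCI
system from outside without ever logging in, and opens a customer
contact only after N successive failures, once per outage. The
threshold of 3 and the probe timeouts are assumptions.
"""
import socket
import subprocess
from dataclasses import dataclass

FAILURE_THRESHOLD = 3  # assumed; the page only says "successive failures"


def tcp_port_check(host, port, timeout=2.0):
    """Unauthenticated TCP connect; succeeds if the port accepts a connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def ping_check(host, port=None, timeout=2):
    """ICMP echo via the system ping binary (raw ICMP sockets need root).

    Linux ping syntax is assumed; the port argument is ignored so that
    both probes share one call signature.
    """
    cmd = ["ping", "-c", "1", "-W", str(timeout), host]
    result = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0


@dataclass
class TargetState:
    consecutive_failures: int = 0
    escalated: bool = False


class Monitor:
    """Tracks per-target failure streaks and emits escalation actions."""

    def __init__(self, targets, probe=tcp_port_check, threshold=FAILURE_THRESHOLD):
        self.targets = list(targets)
        self.probe = probe
        self.threshold = threshold
        self.state = {t: TargetState() for t in self.targets}

    def run_cycle(self):
        """Probe every target once; return the actions this cycle produced."""
        actions = []
        for target in self.targets:
            host, port = target
            st = self.state[target]
            if self.probe(host, port):
                if st.escalated:
                    actions.append(("recovered", target))
                st.consecutive_failures = 0
                st.escalated = False
                continue
            st.consecutive_failures += 1
            if st.consecutive_failures >= self.threshold and not st.escalated:
                st.escalated = True  # contact once, not on every later failure
                actions.append(("contact_customer", target))
        return actions


def simulate(results, threshold=FAILURE_THRESHOLD):
    """Drive one target through a scripted list of probe outcomes (constructed).

    Returns [(cycle_number, action_name), ...] for cycles that produced an action.
    """
    outcomes = iter(results)
    mon = Monitor([("198.51.100.10", 443)],  # documentation address, assumed
                  probe=lambda host, port: next(outcomes), threshold=threshold)
    events = []
    for cycle in range(1, len(results) + 1):
        for action, _target in mon.run_cycle():
            events.append((cycle, action))
    return events


if __name__ == "__main__":
    # One blip, then an outage spanning four cycles, then recovery.
    print(simulate([False, True, False, False, False, False, True]))
```

With the scripted sequence (one failed probe, a success, four failures, a success) the monitor contacts the customer once, on the fifth cycle, and reports recovery on the seventh. Swap `ping_check` in as the probe to get the ICMP variant the page also mentions.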

Standard Services for PCI Compliance

Cogeco Peer 1 offers the following services as its standard PCI DSS compliant hosting solution to assist customers in meeting their full PCI requirements (2):

- Relentless Intrusion Detection
- Log Management and Review Service
- Vulnerability Scanning
- Web Application Firewall services

Cogeco Peer 1 will work with you to make sure your unique PCI needs are met; if the standard solution does not fit your requirements, you may customize your solution to suit your business needs.

PCI Managed Firewall

Description:

- Installed and managed by Cogeco Peer 1
- Defined set of default firewall rules, with no admin ports reachable from the public Internet; administrative access is only via a jump box with two factor authentication
- A copy of the documented configuration and rule set is kept by Cogeco Peer 1
- Customer business justification is required for opening additional ports or making rule changes
- Cogeco Peer 1 will advise if a requested change may be detrimental to customer security
- All changes are documented and baselined against the original configuration
- Only team leaders and senior members are able to sign off changes to the firewall rules

Process:

- All requests for firewall modifications should be made via http://mypeer1.com by an authorized technical contact.
- If the request is submitted by logging into http://mypeer1.com, no further validation is required.
- If the request arrives by email into http://mypeer1.com, an email response confirming the change must be acknowledged by the customer before any changes are made.
- If the request is submitted through the account manager into http://mypeer1.com, an email response confirming the change must be acknowledged by the customer before any changes are made.

(2) These are recommended products and services that are compatible, when suitably configured, with a PCI solution, but they are not part of the Cogeco Peer 1 AOC. These services are PCI DSS compliant via partnership agreements, and each vendor's AOC is kept on file with Cogeco Peer 1. Customers must independently confirm with their QSA that the elements in the solution meet their PCI requirements.
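The managed firewall section states two invariants a customer or QSA will want to verify on the exported rule set rather than take on trust: no admin port is reachable from the public Internet (jump box only), and every change is documented against the baseline. The following is an added example of a small linter for exactly those two checks; it is not Cogeco Peer 1's tooling, and the one-line rule syntax, the admin port list and the jump-box network 10.10.0.0/24 are assumptions. It also covers cases the prose does not spell out: an IPv6 any-source rule, a partner range that is neither the Internet nor the jump box, and a rule added with no business justification.

```python
"""Lint a firewall rule set against the PCI managed-firewall policy above.

Added example, not Cogeco Peer 1's tooling or rule format. The one-line
rule syntax, the admin port list and the jump-box network are
assumptions. The two invariants checked are the ones the page states:
admin ports are never open to the public Internet (only to the jump
box), and every change is documented against the baseline rule set.
"""
import ipaddress

ADMIN_PORTS = {22, 3389, 5985, 5986}  # SSH, RDP, WinRM; assumed list
JUMP_BOX_NET = ipaddress.ip_network("10.10.0.0/24")  # assumed admin zone


def parse_rules(text):
    """Parse lines of 'action proto src port[-port] [# justification]'.

    Constructed format for this example: 'action' is allow or deny,
    'src' is a CIDR, and the trailing comment is treated as the business
    justification the change process requires.
    """
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        parts = body.split()
        if not parts:
            continue
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {parts}")
        action, proto, src, ports = parts
        lo, _, hi = ports.partition("-")
        rules.append({
            "line": lineno,
            "action": action.lower(),
            "proto": proto.lower(),
            "src": ipaddress.ip_network(src, strict=False),
            "ports": range(int(lo), int(hi or lo) + 1),
            "justification": comment.strip(),
        })
    return rules


def admin_port_exposure(rules):
    """Line numbers of allow rules that reach an admin port from outside the jump box."""
    exposed = []
    for r in rules:
        if r["action"] != "allow" or r["proto"] not in ("tcp", "any"):
            continue
        if not any(p in r["ports"] for p in ADMIN_PORTS):
            continue
        src = r["src"]
        # Only sources wholly inside the jump-box network are acceptable;
        # 0.0.0.0/0, ::/0 and partner ranges all fail this test.
        if src.version == JUMP_BOX_NET.version and src.subnet_of(JUMP_BOX_NET):
            continue
        exposed.append(r["line"])
    return exposed


def rule_key(r):
    """Identity of a rule independent of its line number and comment."""
    return (r["action"], r["proto"], str(r["src"]), r["ports"].start, r["ports"].stop - 1)


def diff_against_baseline(baseline, current):
    """Compare the live rules against the documented baseline.

    Returns (added_lines, removed_keys, unjustified_lines): rules added
    since the baseline, rules that disappeared, and added rules carrying
    no business justification.
    """
    base_keys = {rule_key(r) for r in baseline}
    current_by_key = {rule_key(r): r for r in current}
    added = [r for k, r in current_by_key.items() if k not in base_keys]
    removed = sorted(base_keys - set(current_by_key))
    unjustified = [r["line"] for r in added if not r["justification"]]
    return [r["line"] for r in added], removed, unjustified


# Constructed rule sets, not a real configuration.
BASELINE_RULES = """\
# documented baseline kept by the provider
allow tcp 0.0.0.0/0 443          # customer web front end
allow tcp 10.10.0.0/24 22        # SSH, jump box only
allow tcp 10.10.0.0/24 3389      # RDP, jump box only
deny  any 0.0.0.0/0 1-65535      # default deny
"""

CURRENT_RULES = """\
allow tcp 0.0.0.0/0 443          # customer web front end
allow tcp 10.10.0.0/24 22        # SSH, jump box only
allow tcp 10.10.0.0/24 3389      # RDP, jump box only
allow tcp 203.0.113.0/24 22      # vendor support access, requested by ticket
allow tcp 0.0.0.0/0 5985
deny  any 0.0.0.0/0 1-65535      # default deny
"""

if __name__ == "__main__":
    current = parse_rules(CURRENT_RULES)
    print("admin ports exposed on lines:", admin_port_exposure(current))
    print("added / removed / unjustified:",
          diff_against_baseline(parse_rules(BASELINE_RULES), current))
```

On the constructed sets the baseline is clean, while the current rules expose SSH to a vendor range and WinRM to the whole Internet (lines 4 and 5); both are additions relative to the baseline, and line 5 carries no justification, so it should never have passed the sign-off step described above.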

Service Delivery Matrix

The following service delivery matrix summarizes the respective responsibilities of Cogeco Peer 1 and customers of Cogeco Peer 1's Managed Hosting Services.

Component: Datacenter
  Customer responsibilities: None
  Cogeco Peer 1 responsibilities: Installation, Maintenance, Security

Component: Network
  Customer responsibilities: None
  Cogeco Peer 1 responsibilities: Installation, Maintenance, Security

Component: Cogeco Peer 1 Installed Hardware (Server Hardware, Firewalls, Load Balancers, Switches, Network Storage, Web Application Firewalls)
  Customer responsibilities: None
  Cogeco Peer 1 responsibilities: Installation, Configuration, Maintenance, Security

Component: Server OS
  Cogeco Peer 1 responsibilities: Installation (hardened OS installation using CIS approved benchmarks)

Component: Service Objective
  Cogeco Peer 1 responsibilities:
  - 100% Power and HVAC SLA
  - 100% Network Uptime SLA
  - 1 hour hardware replacement SLA
  - 3 to 22 business day initial provisioning objective (dependent on the complexity of the environment):
    - 3 business days for 7 or fewer basic servers
    - Additional time required for provisioning load balancers, hardware firewalls, clusters and network storage
    - Additional 7 business days for PCI compliance
  - 24 hour firewall rule change objective
  - 4 hour firewall emergency rule change objective
  - 24 hour load balancer standard configuration change objective
  - 4 hour load balancer emergency rule change SLA

How to Open an Online Ticket

1. Go to http://mypeer1.com and enter your domain name and secret word into the log on box.
2. Click on the Managed Services tab.
3. Click on the Support link from the sub-navigation bar.
4. Click on Request Support from the drop-down menu.
5. The Request Support Ticket screen displays.
6. Fill out the form and click Submit.

Cogeco Peer 1 Service Level Agreement

Cogeco Peer 1 is committed to providing services to its customers at a standard of excellence commensurate with best practice in the industry. Network uptime and server availability are of the highest importance. Cogeco Peer 1's Service Level Agreement, located at http://peer1.com/aboutus/sla, applies to Cogeco Peer 1 Managed Hosting Server plans. This information is current as of February 2016 and is subject to change at any time. All Cogeco Peer 1 Managed services are subject to the Cogeco Peer 1 Terms of Service located at http://www.peer1.com/about-us/legal/terms-and-conditions.

Contact Cogeco Peer 1 for more information on PCI DSS Compliance: info@cogecopeer1.com, www.cogecopeer1.com

CA: 413 Horner Ave., Etobicoke, ON M8W 4W3, Canada. 1.866.579.9690
US: 250 E Grayson St., San Antonio, TX 78215, United States. 1.888.978.7251
UK: 30 Town Quay, Southampton, SO14 2AQ, United Kingdom. 0800 840 7490
FR: GreenSide, Bât 2, 400 avenue Roumanille, 06410 Biot, France. 0805 210 280

About Cogeco Peer 1

Cogeco Peer 1 is a wholly-owned subsidiary of Cogeco Communications Inc. (TSX:CCA) and is a global provider of essential business-to-business products and services, such as colocation, network connectivity, managed hosting, cloud services and managed IT services, that allow customers across Canada, the United States and Western Europe to focus on their core business. With global data centres, an extensive FastFiber Network and more than 50 points-of-presence in North America and Europe combined, Cogeco Peer 1 is a trusted partner to businesses small, medium and large, providing the ability to access, move, manage and store mission-critical data worldwide, backed by superior customer support.

© 2016 Cogeco Peer 1