It’s Very Easy To Assume All Cloud Providers Are Fully Compliant. But Upon Closer Inspection, Unless You Request Full Disclosure, You May Discover Their Compliance May Not Meet All 12 PCI DSS Requirements…
Along with protecting clients, an MSP must take the necessary steps to protect its own organization when choosing a Certified Cloud provider, like Cloud Services For MSPs. Should that provider not meet the 12 requirements for PCI DSS compliance, it could spell trouble for the MSP wanting to offer cloud services.
As an MSP, you need to do your due diligence when inspecting your cloud provider’s compliance. If you haven’t discovered it yet, not every provider stating they are certified can meet the PCI DSS security standards.
What PCI Security Standards Should An MSP Expect From Their Cloud Provider?
It is extremely important to know these standards and to stay abreast of any changes. Consider how the cloud provider’s compliance, or lack thereof, will impact your clients. If it is uncovered later that the cloud provider was not compliant, the negative impact on clients who must follow payment card compliance would devastate their business.
Here’s what you want to know. A Certified Cloud provider that is compliance-focused offers only a fully managed PCI compliant cloud, like Cloud Services For MSPs, and follows the guidelines set by the PCI Security Standards Council (SSC). They will take the necessary steps to obtain and maintain their PCI DSS compliance. If the cloud provider is proactive, they will provide their status level, e.g., v3.1 or v3.2.
What Are The 12 PCI DSS Compliance Requirements?
For an MSP, compliance is a way of life. When it comes to the Healthcare industry, they want to know everything about HIPAA. With the Financial industry, it’s FINRA, and with the Payment Card industry, it is PCI DSS compliance as set forth by the PCI SSC.
So, below, I’ve listed the 12 PCI DSS compliance requirements as a quick reference for you to review often. If you have a current cloud provider, request and inspect their credentials to determine whether they meet or exceed these compliance requirements.
- Use and maintain firewalls
- Proper password protection
- Protect cardholder data
- Encrypt transmitted data
- Use and maintain anti-virus
- Properly updated software
- Restrict data access
- Unique IDs for access
- Restrict physical access
- Create and maintain access logs
- Scan and test for vulnerabilities
- Document policies
For the record, Cloud Services For MSPs is Certified PCI DSS compliant. We are proactive about PCI compliance and stay abreast of changes and updates in the Payment Card Industry. We take the necessary steps to update ourselves and align our organization with the PCI Security Standards Council (SSC).
Call us at (866) 883-8836, and let’s continue this conversation. We can discuss how your MSP can take full advantage of the cloud to serve your clients better.