The Bunker, a provider of secure managed hosting, cloud computing, colocation, and outsourced IT services, has achieved certification on all 12 of the Payment Card Industry Data Security Standard (PCI DSS) requirements at both of its data centres. The firm says this makes it one of the few organisations able to offer a full end-to-end PCI DSS service based on pre-certified components.
The Bunker can deliver PCI DSS certified credit card payment processing more quickly and with more flexibility than other service providers, it is claimed which are typically already certified against only two of the 12 requirements.
Last year The Bunker embarked on an upgrade its PCI DSS status to “Managed Services” and to bring its Newbury site within scope. This means that an independent Qualified Security Assessor (QSA) has pre-certified all of the components required, making the deployment and ongoing monitoring of client systems a more straightforward process that does not need to be designed from scratch every time.
Any business that stores, transmits or processes credit card data must comply with the PCI DSS. The standard comprises of 12 requirements which in turn break down into over 200 sub-requirements and cover all aspects of an environment from network security, build standards and encryption, through to your organisation’s policy and processes for change management, access control and monitoring. Complying with the standard can be time consuming. Achieving the certification however is not optional, the firm adds, and credit card issuers and the Information Commissioner’s Office can issue penalties.
The Bunker’s hosts and manages a range of services for its PCI DSS certified clients, with services ranging from colocation to fully managed, monitored and audited systems for customers including Moneybookers, Commidea and Anderson Zaks.
The majority of data centres within Europe and the US which offer PCI DSS related services typically only conform to requirements 9 and 12 (recognised as “Hosting Provider” status on the Visa list of validated service providers) and do not often have the ability to provide a full end-to-end PCI DSS service based on pre-certified components. Having achieved an Attestation of Compliance for all of the 12 PCI DSS requirements The Bunker is now in the top tier of PCI DSS Service Providers which clearly demonstrates The Bunker’s professional approach and focus on the physical, digital and human aspects of security.
Peregrine Newton, CEO said, “Many organisations provide two of the 12 requirements, but to have all 12 requirements pre-certified offers our clients a lower risk, lower cost route to certification with the flexibility needed to augment their existing capabilities. Complying with all of the requirements was no small undertaking, but with the assistance of our Qualified Security Adviser (QSA) partner Convergent Network Solutions, we can now take responsibility for as much or as little of this very complex compliance requirement as our clients wish, allowing the customer to focus on what they do best.”
Kevin Dowd, Director of Security Assessment, CNS added, “The Bunker has successfully demonstrated that it’s processes, systems, policies and procedures comply with the relevant requirements of the PCI Data Security Standard and, as such, has attained the Managed Services provider accreditation. The Bunker can now provide a comprehensive PCI DSS compliant environment to its customers seeking PCI DSS compliance as a merchant.”
BOth of The Bunker’s data centres are also ISO27001 certified, and connection to the NHS National Network (N3) has recently been reapproved. “The Bunker will add more security standards to its list of accreditations as we expand into new markets. Security is in our DNA,” added Newton.
The Bunker’s data centres are military-grade nuclear bunkers purpose built to house the UK’s air defence systems. Clients are health service, financial services organisations, technology companies, government and other regulated businesses.
