Sekoia.io is proud to announce that it has achieved the Payment Card Industry Data Security Standard (PCI-DSS) compliance at Level 1.
PCI-DSS is a rigorous set of security standards designed to safeguard cardholder data, and compliance with it is audited by an independent third party. Meeting the auditors' expectations requires a combined team effort sustained over a long period of time.
In this blog post, we'll explain our journey to compliance and how our customers can benefit from it.
Meeting the Gold Standard
PCI-DSS has been a priority in our compliance journey for two reasons:
- It resonates with the core principles of Sekoia.io: it is a comprehensive and uncompromising set of standards ensuring the utmost protection of the systems it certifies.
- In a constantly moving regulatory environment, it ensures that we can be integrated into the security portfolio of our banking and financial customers, or of any customer with PCI-DSS compliance in their scope.
These customers can now get access to Sekoia.io in a new region dedicated to high-grade security compliance. This region is hosted by OVH SecNumCloud. This hosting service is already fully compliant with PCI-DSS, ISO 27001, SOC 2 and many others.
Creating a favorable PCI-DSS environment
Sekoia.io had to comply with nearly 300 requirements in order to make sure that:
- The solution itself complies with all the technical requirements of PCI-DSS
- All personnel with an operational role in the solution are trained and equipped with the tools (software, hardware, processes) needed to comply with the framework
- The solution helps our customers meet their own PCI-DSS requirements
To be clear, this was a real effort: more formalization, additional tooling with its own costs, and more resilience built into our operational workflows.
But we are convinced that this effort will also create very favorable conditions for our customers whose scope is regulated by PCI-DSS.
How Sekoia.io helps you with your own PCI-DSS compliance
If you are a PCI-DSS entity, our compliant offer makes your life simpler, and here is why.
- Centralize your supervision
  - You can now combine the SOC activities of your PCI-DSS cardholder data environment with your usual SOC scope, without impacting your compliance status.
  - Of course, if your systems are distributed globally, you can still connect them as separate entities and apply either a global detection strategy or one tailored to each entity; it's up to you.
- Streamline your compliance process
  - You can now use Sekoia.io to meet your own PCI-DSS requirements that relate to SOC activities, in particular Requirement 10, which is dedicated to tracking and monitoring all access to network resources and cardholder data.
- Reduce your scope
  - Because Sekoia.io is a SaaS solution, you are relieved of the burden of installing and managing a dedicated, on-premises SIEM. As with any third-party service provider in your scope, you still need to list it as such and keep its Attestation of Compliance (AoC) on file for your own assessment.
  - We also ensure the availability and integrity of audit trail data, two PCI-DSS requirements that are hard to meet in-house.
  - Our product is fully compliant with other PCI-DSS requirements such as encryption, role-based access control, audit trails, detection rules…
PCI-DSS compliance is an important milestone for Sekoia.io, but our journey doesn’t end here. As we celebrate this achievement, we are already focused on the road ahead, working continuously to adapt to an ever-evolving threat landscape and create a more secure digital world for everybody.
To learn more about our PCI-DSS compliance and our security posture, please visit our Trust Center. Additional documents, such as our whitepaper, can be downloaded there as well.