CROC Obtains PCI DSS Compliance Certification for its Cloud Platform
CROC has obtained cloud certification for compliance with the Payment Card Industry Data Security Standard (PCI DSS). This represents a unique event for the Russian market, as it is the first time that a certificate has been awarded to a cloud platform developed from scratch and based on open source software.
Adopted more than a decade ago by payment system industry leaders, including Visa, MasterCard, and American Express, PCI DSS guarantees that a service or system is securely protected. Obtaining such certification is mandatory for companies making money transfers and online payments using bank cards, including not only banks and payment systems, but also retail chains and telecom carriers selling goods and services online. If an information system using cardholder details is hosted on an outsourced site, then this site must also be checked for PCI DSS compliance.
Finance, e-commerce, telecom, and other companies, which accept bank card payments from online clients and are served by CROC, can now be sure that they are moving their services to a cloud platform that meets global security standards and offers a double guarantee of fault tolerance.
It took more than a year to bring the entire cloud platform, including data center, virtual infrastructure, and operational procedures, in line with PCI DSS, with all cloud components, especially the network, being checked and improved.
The certification procedure was performed by Digital Compliance, a Digital Security subsidiary which provides information security compliance services to financial institutions and payment systems and issues a certificate of compliance that guarantees secure storage and processing of customer payment details. In addition, CROC’s customers can now have their cloud services verified for compliance with all PCI DSS requirements in a faster and easier manner.
CROC’s new certificate can also benefit customers that do not carry out payment card processing in CROC’s cloud.
Since PCI DSS requirements cover virtually all security aspects, this certificate is sufficient to assure a customer’s CISO of the security of CROC’s cloud and to facilitate migration decision-making.
«CROC’s cloud is our proprietary product and unparalleled in Russia. The platform can be easily adjusted to the business tasks of large customers that move their core systems to the cloud. Maximum data security, the highest possible level of performance, fault tolerance (as cloud is based on geographically distributed sites), rich cloud service portfolio, a customer-focused approach, and skilled 24/7 support represent key cloud-specific features and our competitive advantages,» said Maxim Berezin, Cloud Service Development Director, CROC.
As one of the PCI DSS certification prerequisites, Digital Security performed penetration testing involving a hacker attack simulation. CROC’s cloud successfully passed this test, proving its resilience and compliance with strict information security requirements.
«Although we have been performing PCI DSS compliance audits for approximately nine years now, this was the first cloud platform of such level and scale that we have seen. In addition, CROC employees demonstrated their advanced skills in cloud support, security, and secure software development,» said Andrey Gaiko, QSA Auditor and Deputy Director, Digital Compliance.
About Digital Compliance
CROC was established in 1992 and has been operating in the Russian IT market for over 26 years, ranking among the top 10 IT companies and top 5 consulting businesses in Russia (Expert Rating Agency, 2017) for over 10 years. Moreover, in 2016, the company was among the top 3 Russian IT service (IDC, TAdviser, 2017), systems integration (IDC, 2017), and IaaS (CNews, 2017) providers.
CROC is the number one Russian IT service provider to the energy and manufacturing (Manufacturing Management portal, 2017) and healthcare (CNews, 2017) sectors, and ranks among the top 3 IT service providers to transportation companies (CNews, 2017).
CROC enables digital transformation with its blockchain, Big Data, VR/AR, AI, IoT, and BIM implementations. The company has been evolving Russia's first open-source cloud for almost 10 years since 2009 and is the only systems integrator in the country to operate its own fault-tolerant data centers, which boast Tier III Gold Certification of Operational Sustainability from the Uptime Institute. CROC offers cloud and managed B2B services based on its data centers, including IT infrastructure provisioning and management, creation of cloud-based security operations centers, deployment of video and Wi-Fi analytics for marketing needs, and HR process automation.
CROC’s key competences also include integrated platforms for interstate and interagency interaction; development of software and hardware solutions, mobile apps, and digital platforms for communication with customers; data protection and information security solutions; IT support and IT outsourcing; industrial solutions; large contact centers; networks and communication solutions; Digital Signage; computing suites; data storage optimization; and BIM-enabled engineering infrastructures for buildings and data centers.
CROC develops the Innovation Accelerator to create and fine-tune its new proprietary products and the cloud services of potential partners. To streamline customer digital transformation, CROC launched a Digital Enabler service for end-to-end agile engineering and roll-out of unique digital processes, and established a consulting force to help customers develop digital products that meet end user needs and shape new digital businesses.
For more information, please contact the CROC PR team.