
CROC Obtains PCI DSS Compliance Certification for its Cloud Platform


CROC has obtained cloud certification for compliance with the Payment Card Industry Data Security Standard (PCI DSS). This represents a unique event for the Russian market, as it is the first time that a certificate has been awarded to a cloud platform developed from scratch and based on open source software.

Adopted more than a decade ago by payment system industry leaders, including Visa, MasterCard, and American Express, PCI DSS guarantees that a service or system is securely protected. Obtaining such certification is mandatory for companies making money transfers and online payments using bank cards, including not only banks and payment systems, but also retail chains and telecom carriers selling goods and services online. If an information system using cardholder details is hosted on an outsourced site, then this site must also be checked for PCI DSS compliance.


Finance, e-commerce, telecom, and other companies, which accept bank card payments from online clients and are served by CROC, can now be sure that they are moving their services to a cloud platform that meets global security standards and offers a double guarantee of fault tolerance.


It took more than a year to bring the entire cloud platform, including data center, virtual infrastructure, and operational procedures, in line with PCI DSS, with all cloud components, especially the network, being checked and improved.


The certification procedure was performed by Digital Compliance, a Digital Security subsidiary which provides information security compliance services to financial institutions and payment systems and issues a certificate of compliance that guarantees secure storage and processing of customer payment details. In addition, CROC’s customers can now have their cloud services verified for compliance with all PCI DSS requirements in a faster and easier manner.


CROC’s new certificate can also benefit customers that do not carry out payment card processing in CROC’s cloud.


Since PCI DSS requirements cover virtually all security aspects, this certificate is sufficient to convince a customer’s CISO of the security of CROC’s cloud and facilitate migration decision-making.


«CROC’s cloud is our proprietary product and unparalleled in Russia. The platform can be easily adjusted to the business tasks of large customers that move their core systems to the cloud. Maximum data security, the highest possible level of performance, fault tolerance (as cloud is based on geographically distributed sites), rich cloud service portfolio, a customer-focused approach, and skilled 24/7 support represent key cloud-specific features and our competitive advantages,» said Maxim Berezin, Cloud Service Development Director, CROC.


As one of the PCI DSS certification prerequisites, Digital Security performed penetration testing involving a hacker attack simulation. CROC’s cloud successfully passed this test, proving its resilience and compliance with strict information security requirements.


«Although we have been performing PCI DSS compliance audits for approximately nine years now, this was the first cloud platform of such level and scale that we have seen. In addition, CROC employees demonstrated their advanced skills in cloud support, security, and secure software development,» said Andrey Gaiko, QSA Auditor and Deputy Director, Digital Compliance.

About Digital Compliance

Digital Compliance, a Digital Security subsidiary, provides information security compliance services to financial institutions and payment systems and offers the entire range of services that help companies prepare for and pass certification for compliance with PCI DSS, PA-DSS, ISO 27001, Standard of the Bank of Russia for the Assurance of Information Security of Banking Institutions of the Russian Federation (STO BR IBBS-1.0), and Regulation No. 382-П. The company was established in 2015 and derives from Digital Security’s payment system and bank information security audit department, which has been completing various information security compliance projects for over 12 years and has been PCI QSA certified since early 2008 and PA-QSA certified since 2011. Its large pool of customers serviced in this area includes the National Payment Card System, AK BARS Bank, Surgutneftegazbank, SMP Bank, Money Mail.Ru, Dengi Online, Uniteller, and many others.


About CROC

CROC was established in 1992 and has been operating in the Russian IT market for over 26 years, ranking among the top 10 IT companies and top 5 consulting businesses in Russia (Expert Rating Agency, 2017) for over 10 years. Moreover, in 2016, the company was among the top 3 Russian IT service (IDC, TAdviser, 2017), systems integration (IDC, 2017), and IaaS (CNews, 2017) providers.

CROC is the number one Russian IT service provider to the energy and manufacturing (Manufacturing Management portal, 2017) and healthcare (CNews, 2017) sectors, and ranks among the top 3 IT service providers to transportation companies (CNews, 2017).

CROC enables digital transformation with its blockchain, Big Data, VR/AR, AI, IoT, and BIM implementations. The company has been evolving Russia's first open-source cloud for almost 10 years since 2009 and is the only systems integrator in the country to operate its own fault-tolerant data centers, which boast Tier III Gold Certification of Operational Sustainability from the Uptime Institute. CROC offers cloud and managed B2B services based on its data centers, including IT infrastructure provisioning and management, creation of cloud-based security operations centers, deployment of video and Wi-Fi analytics for marketing needs, and HR process automation.

CROC’s key competences also include integrated platforms for interstate and interagency interaction; development of software and hardware solutions, mobile apps, and digital platforms for communication with customers; data protection and information security solutions; IT support and IT outsourcing; industrial solutions; large contact centers; networks and communication solutions; Digital Signage; computing suites; data storage optimization; and BIM-enabled engineering infrastructures for buildings and data centers.

CROC develops the Innovation Accelerator to create and fine-tune its new proprietary products and the cloud services of potential partners. To streamline customer digital transformation, CROC launched a Digital Enabler service for end-to-end agile engineering and roll-out of unique digital processes, and established a consulting force to help customers develop digital products that meet end user needs and shape new digital businesses.

For more information, please contact the CROC PR team.
