Why Hosting providers require PCI DSS services

The solutions offered by Hosting Providers help perform a critical function for many organisations that store, process or transmit cardholder data because they manage the systems that store, process or transmit cardholder data. With so much credit card information flowing through their systems, it is vital that high levels of information security are maintained. Gaining PCI DSS compliance is increasingly a business driver. PCI DSS compliant Hosting Providers are advertised as a certified organisation on the payment scheme websites demonstrating to both their clients and potential clients that their Hosting services are secure.

Services offered
For Hosting Providers, Sysnet offers a complete service to validate compliance with the PCI Data Security Standard and defines two major types of Hosting Provider definition:

Unmanaged Hosting Providers – An unmanaged Hosting Provider limits the services they provide such as only providing hosting space. The following requirements apply mainly to Unmanaged Hosting Providers:

• Requirement 9 - Restrict Physical Access to Cardholder Data

• Requirement 12 - Maintain a policy that addresses information security for employees and contractors

Managed Hosting Providers - Managed Hosting Providers offer a wide range of services to their merchant clients and are therefore often required to be compliant for all areas of the PCI DSS.

For Managed Hosting Providers, Sysnet follows a simple three-step methodology in line with our standard PCI DSS level 1 offering. More detailed information about Sysnet’s methodology is available on request.