The Capita Group Plc has achieved compliance with the Payment Card Industry Data Security Standard (PCI DSS) for Capita Enterprise Services, a managed service provider.
Trustwave, a provider of on-demand data security and PCI compliance management applications to businesses and organisations throughout the world, performed the PCI DSS compliance validation.
PCI DSS is the payment card industry security requirement for entities that process, transmit or store cardholder data, and has been endorsed by all the major card brands Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB. The PCI DSS is a framework for the secure handling of cardholder data.
Capita Enterprise Services is the first fully managed Web hosting provider specialising in public sector services in the UK to be certified compliant. To validate compliance, Capita had their hosting environment reviewed for PCI compliance. Capita manages the operating system and administrative functions, security logs, incident response and audit trails within an environment it specifically created to host customers with their own PCI DSS requirements.
To validate compliance with the PCI DSS, Capita had to demonstrate compliance with 12 stringent security requirements of the credit card brands, submitting to a rigorous review of its information security policies, procedures and IT environment.
“We are delighted to have attained PCI DSS compliance and being the first provider of our kind to have gained this Level 1 compliance within the UK is a great achievement that we are proud of. Importantly, this will give our customers added assurance that payment card information held within our data centers are fully protected. With the heightened focus on card fraud and citizen data in general, Capita is committed to ensuring that the servers and services we host and manage have the highest data security controls,” says Danny May, director, Capita Enterprise Services.
“By achieving PCI DSS compliance validation, Capita has created a secure environment in which they can manage and maintain software applications for a variety of organisations who dont have the people or technical resources to do it on their own. Securing such features as administrative functions and monitoring security logs ensures customers that Capita is efficiently correlating audit records from numerous sources, identifying any known threats, and mitigating network risks,” adds Robert J. McCullen, chairman and CEO of Trustwave.
“As an organisation, Capita Group Plc understands the importance of compliance validation, having recently validated Capita Software Services as PCI DSS compliant with Trustwave. Capita Enterprise Services PCI DSS compliance validation creates a secure environment where customers can use resources with the knowledge that security is mission critical and the organisation is closely monitoring its security posture for the safe management of third party data information,” says Andrew Henwood, director of EMEA Operations, Trustwave.