Standards and Compliance
The Payment Card Industry (PCI) Data Security Standards (DSS)
The Uptime Institute
The Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to increase the security and control of credit card data. It must be followed by organizations of all sizes that accept, store, transmit or process payment cards from the five credit card brands: VISA, MasterCard, American Express, Discover and JCB.
Cloudlayer 8 (CL8) successfully completed the PCI DSS assessment using an approved Qualified Security Assessor (QSA). The QSA auditor reviewed the controls and processes CL8 has implemented, and CL8 passed the compliance tests under PCI DSS version 3.2 at Service Provider Level.
The assessment resulted in an Attestation and Report of Compliance issued by the QSA. The effective period of compliance begins upon successful passing of the audit and receipt of the Attestation, and ends one year from the date the Attestation is signed.
Customers that would like to deploy environments containing cardholder data can leverage CL8’s validation and reduce the effort and cost of obtaining their own PCI DSS compliance status. It is, however, important to understand that CL8’s PCI DSS compliance status does not automatically make customers PCI DSS compliant. Customers are responsible for ensuring that they achieve PCI DSS compliance. For more information on PCI and details on areas of compliance and responsibility, please contact the Data Controller of CL8.
Tier Certification is issued by the Uptime Institute of the USA, an internationally recognized and accepted third-party data center evaluator. The Uptime Institute has specific and clear requirements and criteria for each Tier Certification, making it an objective evaluator of the functionality and capacity of data centers.
Tier III Criteria
The data center(s) of CL8 achieved Tier III certification in design, and CL8 has already applied for the Tier III certificate for construction. In essence, our building plans were drawn to provide superior protection according to the Tier III criteria, and the physical construction of our facilities has been completed, ensuring the plans became reality.
In summary, we meet the following criteria:
- Concurrently maintainable — A concurrently maintainable data center “has redundant capacity components and multiple independent distribution paths serving the computer equipment.” That means if a piece of equipment fails or a source of power is cut off, backup equipment and power sources ensure data stays online.
- Zero outages during service — Equipment can be removed from service on a planned basis without impacting any of the computer equipment.
- Dual power inputs — Tier III sites require all computer hardware to have dual power inputs.
The Uptime Institute’s Tier III Certification makes us one of the first multi-tenant data centers in the region and the only data center in Cyprus whose physical construction fully aligns with the Tier III design requirements.
The ISO 9001 standard ensures a Quality Management System (QMS) that meets customer expectations while continually improving operational processes. The result of using ISO 9001 is shorter lead times, high delivery reliability, and consistently high-quality services and products. Complying with ISO 9001 helps us develop and optimize procedures and processes in our operations, and it enables us to focus on what is important, such as time efficiency, reducing and optimizing costs, boosting our competitive advantage and being equipped to meet future challenges. The ISO 9001 certification is a globally accepted assurance that an organization takes quality seriously.
ISO 27001 describes how to manage information security in a company by performing a business impact analysis and risk assessment on a company’s assets. The latest revision of this standard was published in 2013 and its full title is now ISO/IEC 27001:2013. The first revision of the standard was published in 2005. ISO 27001 was written by the world’s top experts in the field of information security and provides a methodology for the implementation of information security management in an organization. It also enables companies to become certified, which means that an independent certification body confirms that an organization has implemented all the requirements described in the standard. ISO 27001 has become the most popular information security standard worldwide.