Standards and Compliance
The Payment Card Industry (PCI) Data Security Standard (DSS)
The Uptime Institute
The Payment Card Industry (PCI) Data Security Standard (DSS) is a global information security standard designed to increase the security and control of credit card data. Organizations of all sizes must follow it if they accept, store, transmit or process payment cards from the five credit card brands: VISA, MasterCard, American Express, Discover and JCB.
Cloudlayer 8 (CL8) successfully completed the PCI DSS assessment using an approved Qualified Security Assessor (QSA). The QSA auditor reviewed the controls and processes CL8 has implemented, and CL8 passed the compliance tests under PCI DSS version 3.2 at Service Provider Level.
The assessment resulted in an Attestation and Report of Compliance issued by the QSA. The effective period of compliance begins upon successful passing of the audit and receipt of the Attestation, and ends one year from the date the Attestation is signed.
Customers that would like to deploy environments containing cardholder data can leverage CL8’s validation and reduce the effort and cost of obtaining their own PCI DSS compliance status. It is, however, important to understand that CL8’s PCI DSS compliance status does not automatically make customers PCI DSS compliant. Customers are responsible for ensuring that they achieve PCI DSS compliance. For more information on PCI and details on areas of compliance and responsibility, please contact the Data Controller of CL8.
Tier Certification is issued by the Uptime Institute of the USA, an internationally recognized and accepted third-party data center evaluator. The Uptime Institute has specific and clear requirements and criteria for each Tier Certification, making it an objective evaluator of the functionality and capacity of data centers.
Tier III Criteria
The data center(s) of CL8 achieved Tier III certification in design, and CL8 has already applied for the Tier III certificate for construction. In essence, our building plans were drawn to provide superior protection according to the Tier III criteria, and the physical construction of our facilities has been completed to ensure the plans became reality.
In summary, we meet the following criteria:
- Concurrently maintainable — A concurrently maintainable data center “has redundant capacity components and multiple independent distribution paths serving the computer equipment.” That means if a piece of equipment fails or a source of power is cut off, backup equipment and power sources ensure data stays online.
- Zero outages during service — Equipment can be removed from service on a planned basis without impacting any of the computer equipment.
- Dual power inputs — Tier III sites require all computer hardware to have dual power inputs.
The Uptime Institute’s Tier III Certification makes us one of the first multi-tenant data centers in the region and the only data center in Cyprus whose physical construction fully aligns with the Tier III design requirements.