By handling payment card data in a responsible way, we help organizations who accept, store, and/or process credit cards achieve and maintain PCI 3.0 compliance. The intrinsic qualities of our secure infrastructure fulfill many of the more costly and difficult PCI DSS requirements. To demonstrate how seriously we take the responsibility of protecting payment card data, CodeGuard has two reports on compliance (ROCs) - each from a different qualified security assessor (QSA) firm and each completed at different points throughout the year. This rigorous audit standard clearly represents CodeGuard's commitment to exceed minimum security requirements for PCI, while leading the website backup industry in standards for compliance.
Our validation documentation reveals the specific PCI DSS controls on which our customers can rely for their PCI validation, providing much needed transparency for our customers.
CodeGuard is registered as a validated service provider with the following card brands:
- Visa, Inc
- Visa Europe
- MasterCard
- American Express
- Discover
PCI DSS compliant secure server configurations should include:
Physical Security
- 24/7/365 manned data centers with robust access controls
- Video surveillance monitoring with compliant retention
- Redundant power, cooling and environmental controls
Perimeter Security
- Web application firewall
- IDS (Intrusion Detection System)
- ASV provided external network vulnerability scanning
Host Security
- Hardened OS images and OS patching
- Hypervisor based network firewall for each secure cloud server
- Advanced antivirus with malware protection
- File integrity monitoring
Log Management
- Log aggregation for all customer systems
- Automated daily log review with exceptions reviewed by our SOC
- Customizable log retention schedules
Secure Remote Access
- SSL and L2L VPN connections
- Two-factor authentication
- Isolated management network with jump server for CodeGuard support
- Privileged access management with full session recording for CodeGuard support
Encryption
- SSL certificates with extended ID validation available
Companies that trust CodeGuard
