IaaS Hosting Company 3W Infra Achieves Certification for Compliance with ISO 27001 and PCI-DSS Standards
December 2017 by Marc Jacob
3W Infra has attained the ISO/IEC 27001:2013 certification for Information Security Management together with Payment Card Industry Data Security Standard (PCI DSS) compliance. Validated by independent third-party IT audit company Noordbeek B.V., these certifications help 3W Infra ensure that it has enterprise-grade controls in place to protect customer information and payment data while safeguarding business continuity.
Before granting 3W Infra the two ‘enterprise-grade’ security certifications, IT audit company Noordbeek B.V. checked and validated a variety of processes, as well as management and operating controls, within 3W Infra’s organization.
To ensure that customers’ information is secure with 3W Infra, Noordbeek validated areas including 3W Infra’s business continuity, the documentation of organizational processes, separation of duties, management of (strategic) suppliers, IT system management, human resources policies and procedures, physical security measures in the offices and data center environment, handling and embedding of organizational knowledge, security incident reporting, and more.
3W Infra has now received the ISO/IEC 27001:2013 and PCI-DSS certifications from Noordbeek IT Audit, Compliance & Advisory and can send the third-party attestations to customers on request.
SSAE 16 Certification
On top of the ISO/IEC 27001:2013 and PCI-DSS certifications achieved, 3W Infra aims to expand the accreditations embedded in the organization with an SSAE 16 certification in the future. While PCI-DSS is focused specifically on the data security of credit card information stored in a facility, SSAE 16 is more generally focused on the services operating environment and the internal controls of 3W Infra as a service provider.
About ISO/IEC 27001 and PCI-DSS
ISO/IEC 27001:2013 is a globally recognized information security management standard that ensures an organization can apply a framework to its business processes to help identify, manage and reduce risks to information security. The standard considers not only IT but all business operations of an organization.
The PCI-DSS (Payment Card Industry Data Security Standard) is a proprietary standard for all organizations that process, transmit, or store payment cardholder data. The standard provides a framework of technologies and practices that need to be adhered to in order to protect and secure the cardholder data.