
TAS France Datacentre PCI-DSS - Communication to all affected parties

November 2016 by Marc Jacob

PCI-DSS is a standard created by the PCI Security Standards Council (PCI-SSC).
The PCI-SSC was founded in 2006 by American Express, Discover Financial Services, JCB
International, MasterCard and Visa, Inc. to improve payment account data security.
The standard includes 12 security domains and attached procedures describing how a PCI-DSS
compliant company manages payment account data security.

TAS France maintains all applicable PCI-DSS requirements to safeguard the physical security
of the customer’s cardholder data environment.
TAS France Datacentre does not store, process or transmit cardholder data directly.
In this domain, TAS France Datacentre only offers space and physical security. The company is a
hosting provider which provides colocation services, allowing payment service providers to run their
unique solutions within PCI-DSS compliant facilities.

2 - TAS France responsibilities
2.1 TAS France is responsible for:

Restrict physical access to cardholder data, of which:

Facility entry controls

Distinction between personnel on-site and visitors

Physical access for on-site personnel to sensitive areas

Visitor identification and authorization

Physically secure media: accessibility, storage, internal or external distribution,
destruction when needed for business or legal reasons

Maintain a policy ensuring that security policies and operational procedures for restricting
physical access to cardholder data are documented, in use, and known to all affected parties.

2.2 TAS France is not responsible for:

The secure configuration of the systems and platforms used by its customers. Protection of card
data processed, stored or transmitted through systems and platforms in the cardholder data
environment is the responsibility of the customer.

Cryptographic techniques, tools or processes to protect its customers' cardholder data.
Protection of the storage and transmission of this information within each cardholder data
environment is the responsibility of the customer.

Software development related to cardholder data transmission, storage and processing is the
responsibility of the customer.

Protection of the systems against malware. Protection of card data processed, stored or
transmitted through systems and platforms in the cardholder data environment, by adopting
regularly updated antivirus software, is the responsibility of the customer.

Involvement in the management or design of logical access control of components in
customers' CDE (Cardholder Data Environment). It is the responsibility of the customer to
maintain compliance of their servers once they are deployed.

Involvement in the management of customers' tracking and monitoring of access to their network
and components within their cardholder data environment. It is the responsibility of the
customer to maintain compliance of their CDE.

