The OVH group, a European provider of Digital as a Service solutions, has just obtained level 1 PCI DSS certification for its Dedicated Cloud offer. The group has taken a new step in its global certification strategy to gain recognition that its infrastructures and services conform to industry best practices and international standards.
Issued by the Security Standards Council, PCI DSS (Payment Card Industry Data Security Standard) assures banking agencies and online service users, that actors handling confidential data in relation to payment cards meet specific security requirements. OVH, which has already obtained the standard for its online payment system, has now attained its second PCI DSS certification. OVH's online retail customers will soon be able to install their payment application in a PCI DSS certified cloud. This will allow them to gain their own PCI-DSS certification more quickly since some of the control points have already been validated by the group. The security of online transactions of the customers of these online retailers will also benefit from this development.
A Certified Security Level
"We apply and continuously improve the physical and logical security procedures of our Dedicated Cloud Infrastructure," declares Thibaud Saudrais, in charge of quality assurance within the OVH group. "We already possess several certifications and adhere to many standards including the ISO 27001 which addresses organizational security, SOC 1 & 2 type II standards that deal with the strict internal controls that we perform and CSA which pertains to the adherence of best practices. Now with PCI DSS, we have received our first standard for online retailers on Dedicated Cloud. This is a new measure of confidence for our customers and demonstrates OVH's commitment in the fight against credit card fraud."
The audit was conducted by Provadys and examined more than 2500 instances of compliance and enforcement of PCI DSS requirements, certifying the level of security of the Dedicated Cloud offer. OVH has also started the process to obtain the approval to host personal healthcare data (HADS) issued by l'ASIP Santé in France and HIPPA for the protection of healthcare data in the United States.