ANN ARBOR — The data hosting provider Online Tech said Wednesday that it had expanded its compliant computing platform to include PCI-DSS (Payment Card Industry – Data Security Standard) audited cloud computing.
Not only is Online Tech one of the first to deliver a cloud computing solution that has been independently audited for both HIPAA and PCI compliance, many of its competitors decline to be audited at all.
“PCI compliance requires a fundamentally higher level of security than most cloud computing vendors can deliver,” said Yan Ness, CEO of Online Tech. “A lot of companies can — and do — say that they’re HIPAA or PCI compliant. But Online Tech can actually show that, in addition to our HIPAA-audited cloud computing, our PCI compliance was also audited by an independent, third-party auditor.”
As more merchants move their payment systems to the cloud, PCI compliance is essential. Online Tech is way ahead of a movement to standardize the transparency of those security practices.
In contrast to some cloud vendors that claim HIPAA or PCI compliance without third party audits, Online Tech backs up its compliance claims with annual audits. UHY Advisors LLC conducted the PCI audit of Online Tech and issued a 127-page Report on Compliance with results on 297 tests that covered all 12 PCI-DSS requirements. Online Tech passed with 100 percent compliance.
Diana Kelley, a partner at SecurityCurve, told SearchSecurity.com that far too few vendors provide the visibility and documentation necessary to maintain PCI compliance. She said large businesses can often force cloud providers to accept an audit, but “if you are not a big enough account they could be willing to let your business go.”
No arm-twisting was necessary at Online Tech, which subjected its data centers, operating processes, personnel, cloud servers and network security to the audit. It covered the company’s colocation, private cloud and multi-tenant cloud offerings.
Online Tech is also one of the few data center operators that backs up its PCI and HIPAA compliance claims by making the Report on Compliance available to its prospects and clients.
“We believe independent audit reports are a key component for anyone looking to prove their solution is compliant to PCI or HIPAA requirements” Ness said.
Online Tech has also released a 27-page white paper on PCI Cloud Computing that provides both an overview of PCI requirements as well as a reference model for building a PCI compliant cloud.
“The technical requirements to meet PCI are quite sophisticated, so we wrote this white paper to make it easier to understand all of the technical requirements that go into delivering a PCI cloud” said April Sage, Online Tech’s marketing director.
Online Tech’s Midwest data centers assure mission critical applications are always available, comply with government & industry regulations, and continue operating after a disaster. Backed by independent HIPAA, PCI, SAS 70, SSAE 16, SOC 2, and SOC 3 audits, Online Tech delivers the security, privacy, and availability expected from world class data center operators. For more information, visit www.onlinetech.com, call (877) 740-5028, or email firstname.lastname@example.org .