Iron Mountain achieves PCI compliant status. Is your vendor PCI compliant?
The threat of credit card data loss or compromise is significant. The Payment Card Industry (PCI) Data Security
Standard exists to support secure practices in credit card processing
and resulted from major credit card issuers aligning their individual
security programs into an industry standard. The foundation of PCI was
built from Visa's Cardholder Information Security Program (CISP). The
standard provides the requirements that all entities storing,
processing or transmitting cardholder data must abide by.
The objective of the PCI program is to encourage companies to
maintain a high level of security to protect cardholder information
regardless of where it resides.
The compliance requirements comprise six areas:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
It is mandatory for companies to comply and, further, to conduct
business with other PCI-compliant members—not doing so could be
costly. Credit card companies can impose hefty fines reaching $500,000
per incident and your credit card processing services could be
terminated. PCI compliance provisions should be included in third-party
contracts as well.
Iron Mountain has taken an industry leading position on safeguarding
customer information. To this end, we engaged the services of an
independent auditor to ensure and certify that our policies, systems
and technologies comply with the (PCI) Data Security Standard.
Iron Mountain's compliance within the program is defined as a Level
1 service provider. We recently completed an onsite audit confirming
compliance with the PCI Data Security Standard for 2009 for our records
management, data protection and shredding businesses, the third year in
a row we have achieved this certification. Iron Mountain is proud to be
recognized on the list of "compliant service providers" published by
Visa.
We can now extend that commitment with our appointment to the PCI
Security Standards Council, an exclusive group of organizations helping
to shape the development of PCI standards. As a member of the council,
Iron Mountain has the opportunity to leverage our expertise and
experience as a service provider in protecting credit card data for
thousands of customers across a variety of industries.
Click to view our letter of acceptance. To view the list of compliant service providers, or for more information on the PCI Data Security Standard visit: