[AusNOG] PCI-DSS Compliant Co-Location and Server Management
Sean K. Finn
Sean.Finn at ozservers.com.au
Thu Apr 9 12:23:47 EST 2009
These guys appear to be Certified too.
No experience with them, so I can't make any recommendations.
www.managenet.com.au T4 ASIO/PCI Compliant Data Centre
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of John Allan
Sent: Thursday, 9 April 2009 11:51 AM
To: Rick Jones
Cc: ausnog at ausnog.net
Subject: Re: [AusNOG] PCI-DSS Compliant Co-Location and Server Management
Macquarie Corporate Telecommunications Intellicentre is the first that
comes to mind.
I'll qualify the following by saying "I'm not an expert", but as I
recall, there is not a "certification" per se, but an accredited
assessor reports compliance for the third-party facility who "offer"
this report to their customers, and as such it can be incorporated into
the report for the entity which requires assessment in their own right.
Therefore you should be able to work with any data centre provider
provided that they are willing to co-operate with the auditors, answer
business-sensitive questions, and "someone" pays for the upkeep and
actively keeping tabs on any compensating controls; but if you go to
someone that waves "here we have a report that you can paste into your"
in front of you it is probably going to be cheaper/easier.
Much of PCI-DSS is equivalent to ISO27001 but without the ISMS
framework. So if you look for ISO27001 that will give a head start.
My employer has ISO27001 and is a highest-level PCI merchant. Our data
centres are scrutinised with rubber gloves... Some of them (worldwide)
are floors/cages in hosting facilities, but in Australia we own/run our
On Thu, 2009-04-09 at 08:53 +1000, Rick Jones wrote:
> Hi All,
> While we take some time out from discussing Conficker, the NBN,
> Google’s secret servers and Sydney’s power outages....
> I have a client, a large online retailer, that is looking for managed
> hosting (co-location plus server management). The environment must be
> certified to be compliant to PCI-DSS.
> If you can provide such a service, or know someone who can, please
> contact me off list.
> Rick Jones
> Director, Top Level Internet
> AusNOG mailing list
> AusNOG at lists.ausnog.net