[AusNOG] PCI-DSS Compliant Co-Location and Server Management

Rick Jones rick at toplevel.net.au
Thu Apr 9 12:22:19 EST 2009


Thanks John,

We're talking to Macquarie, but the obvious question of "who else is out there" still remains.  The entity must have a report of compliance from an approved auditor because this particular customer is required to be audited as a Level 1 merchant.  They have completed their own internal audit, but their service provider has let them down.

Thanks,
Rick

-----Original Message-----
From: John Allan [mailto:lists at john.net.au] 
Sent: Thursday, 9 April 2009 11:51 AM
To: Rick Jones
Cc: ausnog at ausnog.net
Subject: Re: [AusNOG] PCI-DSS Compliant Co-Location and Server Management

Macquarie Corporate Telecommunications Intellicentre is the first that
comes to mind.

http://www.macquarietelecom.com/hosting/data_centre/data_centre_security_accreditations.htm

I'll qualify the following by saying "I'm not an expert", but as I
recall, there is not a "certification" per se, but an accredited
assessor reports compliance for the third-party facility, who "offer"
this report to their customers, and as such it can be incorporated into
the report for the entity which requires assessment in its own right.

Therefore you should be able to work with any data centre provider
provided that they are willing to co-operate with the auditors, answer
business-sensitive questions, and "someone" pays for the upkeep and
actively keeping tabs on any compensating controls; but if you go to
someone that waves "here we have a report that you can paste into your"
in front of you it is probably going to be cheaper/easier.

Much of PCI-DSS is equivalent to ISO27001 but without the ISMS
framework.  So if you look for ISO27001 that will give a head start.

My employer has ISO27001 and is a highest-level PCI merchant.  Our data
centres are scrutinised with rubber gloves...  Some of them (worldwide)
are floors/cages in hosting facilities, but in Australia we own/run our
own.

Cheers,

John




On Thu, 2009-04-09 at 08:53 +1000, Rick Jones wrote:
> Hi All,
> 
> While we take some time out from discussing Conficker, the NBN,
> Google’s secret servers and Sydney’s power outages....
> 
> I have a client, a large online retailer, that is looking for managed
> hosting (co-location plus server management).  The environment must be
> certified to be compliant to PCI-DSS.
> 
> If you can provide such a service, or know someone who can, please
> contact me off list.
> 
> Thanks,
> 
> Rick
> 
> Rick Jones
> 
> Director, Top Level Internet
> 