By Brian Dunphy, senior director, product management, Symantec Managed Security Services
In the current business climate, organizations that need to process, store or transmit credit card data are most likely familiar with the Payment Card Industry Data Security Standard or PCI DSS. This standard specifies the security controls needed to keep credit card data safe and secure during transit, processing, and storage. PCI DSS requires organizations to build and maintain a secure network, protect cardholder data, implement strong security measures, maintain a vulnerability management program and an information security policy, and test and monitor networks on a regular basis.
Today, we’re pleased to announce that Symantec Managed Security Services (MSS) is now a PCI DSS-certified service provider. While MSS is not a service used to process payments, this certification is important to all organizations using the service, whether they have to be PCI DSS-certified themselves or not: Customers that are required to be PCI DSS-certified will be able to use this certification as part of their own audit, simplifying the process. Other customers and prospects will find this certification beneficial because PCI DSS is viewed as a good indicator of the ability of an organization to build, maintain and certify that best security practices are in place.
Our PCI compliance demonstrates the commitment that Symantec MSS has to information security at every level. Compliance with the DSS standard, validated by an independent third-party audit, confirms that the internal security program in place is comprehensive and follows best practices. This validation provides more assurance and clarity for customers evaluating the breadth and strength of our security practices.
I want to point out that Symantec is one of the few MSS providers to have completed the rigorous audit and certification process required by the PCI DSS 2.0 standard. We understand the need to independently validate the security of our infrastructure, and this certification adds to our ISO 27001 and SSAE16/SOC1 Type II certifications and demonstrates that our security services are robust enough to meet the most stringent standards of best practices.