PCI DSS is the security certification that applies to any organization or merchant that accepts, transmits or stores any credit card data. PCI compliance warrants close scrutiny by any organization's IT Security team because fines for non-compliance can exceed tens or even hundreds of thousands of dollars.
CenturyLink offers a full menu of PCI-DSS-compliant technology solutions and is listed with VISA as a compliant service provider. Inclusion in this listing is possible because CenturyLink has obtained the following passing Reports on Compliance (ROC):
CTL provides services to many level 1 and level 2 merchants, credit card processing companies and other parties who must demonstrate PCI compliance in environments that utilize CTL services. Our customers have used third-party Qualified Security Assessors (QSAs) to examine their PCI compliance, leveraging CTL services. These QSAs, in turn, have submitted ROCs that attest to our customers' adherence to the PCI DSS. Customers leveraging our existing certifications will benefit by reducing the duration and costs of their PCI audits. CTL benefits by reducing the number of customer audits we have to participate in.
The Payment Card Industry Data Security Standard, also known as PCI DSS, is a multi-faceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations protect systems used to store, process or transmit cardholder data.
ROC stands for Report on Compliance. It is a report containing the details of an entity’s PCI assessment.
AOC stands for Attestation of Compliance. It is the official PCI compliance certification document.
Any organization that stores, processes or transmits cardholder data, or can impact the security of those environments, is subject to PCI DSS requirements. This applies to organizations that store cardholder data in paper or electronic form.
Information technology is at the core of compliance with this data security standard. IT professionals deploy, monitor, test and maintain the network components that support transactions involving cardholder data. Those components can be almost anything attached to the network, including servers, switches, routers, firewalls and other applications.
The PCI Security Standards Council recommends that the parts of the network that are involved with cardholder data be isolated, which makes it possible to rein in the network environment subject to the standard. Otherwise, an organization's entire network can be subject to PCI DSS and, consequently, to the annual assessment.
Customers going through a PCI audit can leverage the existing CenturyLink PCI ROC Letter and Attestation of Compliance (AOC) from our PCI auditor (QSA) as part of their audits. This means the customer's auditor does not need to audit those areas again; they can just leverage the audit CenturyLink conducted. This Letter contains the date of the assessment, the scope, the responsibility matrix for each in-scope requirement, as well as the result of the assessment. The AOC is the official PCI Certification document. These documents may be shared with the customer's QSA.
Yes. CenturyLink is listed as a Hosting Service Provider on the VISA website.
These colocation data centers are certified for PCI compliance:
Hybrid-ready public cloud provides the agility, scalability and security expected from an enterprise-class cloud, backed by an industry-leading global network.
Experts at the ready to maintain and administer your cloud deployments. Rapid provisioning, hourly billing, and highly automated.
A full complement of threat prevention, threat management, incident response and analysis services to support your hosted or on-premise enterprise security environments.
Maintain complex IT infrastructure and applications with our comprehensive portfolio of managed hosting services, including fully managed networks, servers, storage, operating systems, and security.
Gives a range of storage options including data replication and backup/archiving. CenturyLink solutions are secure, affordable and can provide data resilience with up to 5 nines.