
Payment Card Industry Data Security Standard (PCI DSS)

September 2024

Compliance with the PCI DSS is required of all companies that process, store, or transmit credit card information through the five major payment card brands. Certain Instaclustr™ by NetApp® services have been certified as compliant with the PCI DSS at Level 1—the highest level of transactions. 

The PCI DSS is a set of security standards designed to improve payment account security and prevent fraud throughout the transaction process by increasing control of credit card data. Compliance with the PCI DSS is required of all companies that process, store, or transmit credit card information through the five major payment card brands: American Express, Discover, the Japan Credit Bureau (JCB), MasterCard, and Visa.

Based on the total transaction volume over a 12-month period, companies are evaluated and classified at one of four levels, ranging from Level 1 for companies processing over 6 million transactions annually to Level 4 with fewer than 20,000 transactions a year.

The PCI Security Standards Council (PCI SSC), an independent body created by the major payment card corporations, sets the standards, administers them, and manages their ongoing evolution.

NetApp and the PCI DSS

Instaclustr by NetApp undergoes an annual PCI audit to confirm that it is maintaining the strict security protocols required by the payment card industry. Instaclustr by NetApp engages Foregenix, a Qualified Security Assessor (QSA), to validate compliance with the PCI DSS through an assessment that includes quarterly vulnerability scans. After performing the requisite audits, Foregenix issued an Attestation of Compliance at Level 1.

Note that the PCI DSS compliance of these Instaclustr by NetApp services doesn't translate automatically to PCI DSS certification for the services that customers run on them. Customers must manage their own PCI DSS compliance certification and engage their own QSA to validate that their environment complies with PCI DSS requirements.

NetApp in-scope services

Instaclustr by NetApp has five main offerings covered by PCI DSS certification, which are currently restricted to Amazon Web Services (AWS) and Google Cloud Platform (GCP): 

Audits, reports, and certificates

Instaclustr by NetApp PCI DSS Attestation of Compliance 

Frequently asked questions

Where can I get more information about the PCI DSS compliance of the Instaclustr by NetApp services?

For more details, including the full list of customer requirements for running a PCI-managed service, refer to the Instaclustr by NetApp PCI Compliance Documentation. 

What benefits does the PCI DSS certification of Instaclustr by NetApp deliver to customers who are not using the PCI option?

The Instaclustr by NetApp management network, which deploys, manages, and monitors all components of a customer’s data infrastructure, must comply with all required PCI DSS controls. This means that even customers who do not elect PCI-level security on their own managed infrastructure still benefit from the strict adherence of Instaclustr by NetApp to PCI DSS security policies.
