Within PCI DSS (Payment Card Industry Data Security Standard), there is a requirement dedicated to having the merchant create an incident response plan so that it can act quickly and decisively in the event of a breach. The requirement demands that merchants address communication and contact strategies, business recovery procedures, and coverage of all critical system components.
Aside from creating the plan itself, merchants are responsible for the following:
- Test the plan at least annually.
- Designate specific personnel to be available on a 24/7 basis to respond to alerts.
- Provide appropriate training to staff with security breach response responsibilities.
- Include alerts from intrusion detection, intrusion prevention, and file integrity monitoring systems in the plan.
- Develop a process to modify and evolve the incident response plan according to lessons learned and to incorporate industry developments.
Merchants can get help meeting these PCI compliance requirements by outsourcing offsite backup to a hosting provider. Online Tech’s offsite backup moves your encrypted files to our Mid-Michigan data center an optimal 53 miles away, with 24/7 monitoring and full file-level restoration. We also offer file integrity monitoring (FIM) and daily log review, with engineers on hand who are trained to install and manage the backup and to respond in the event of an incident.
It’s also possible to move your disaster recovery plan into the cloud. If your production environment is cloud-based, the entire environment, including network configurations and whole servers, can be replicated. This cuts recovery time down dramatically, from days to just a few hours, and it helps the bottom line as well: cloud-based disaster recovery costs less than half as much as the production environment.
More information about PCI compliant backup services with a hosting provider can be found in our PCI Compliant Hosting white paper.