Other Standards

Process Standard Based On

The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security.


These materials include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process -- including prevention, detection and appropriate reaction to security incidents.

Tools to help organizations validate their PCI DSS compliance include Self-Assessment Questionnaires. Other tools are also available to help organizations become PCI DSS-compliant.
For device vendors and manufacturers, the Council provides the PIN Transaction Security (PTS) requirements, which contain a single set of requirements for all personal identification number (PIN) terminals, including POS devices, encrypting PIN pads and unattended payment terminals. The Council also publishes a list of approved PIN transaction devices.
To help software vendors and others develop secure payment applications, the Council maintains the Payment Application Data Security Standard (PA-DSS) and a list of Validated Payment Applications.
The Council also provides training to professional firms and individuals so that they can assist organizations with their compliance efforts. The Council maintains public resources such as lists of Qualified Security Assessors (QSAs), Payment Application Qualified Security Assessors (PA-QSAs), and Approved Scanning Vendors (ASVs). Large firms seeking to educate their employees can take advantage of the Internal Security Assessor (ISA) education program.


COBIT

COBIT 4.1, Val IT and Risk IT users who are already engaged in governance of enterprise IT (GEIT) implementation activities can transition to COBIT 5 and benefit from the latest and improved guidance that it provides during the next iterations of their enterprise’s improvement life cycle.

COBIT 5 builds on previous versions of COBIT (and Val IT and Risk IT) and so enterprises can also build on what they have developed using earlier versions.


TIA-942

As part of an ongoing effort to expose myths and misconceptions about its Data Center Tier Classification System, The Uptime Institute (TUI) recently took issue with the notion that the TIA-942 Telecommunications Infrastructure Standard for Data Centers is a guideline for tier classifications. "The similarities between the Uptime Institute Tiers and TIA-942 stop at the surface," the group said in its fourth round of Tier Myths and Misconceptions documents. "Uptime Institute Tiers is functionally disconnected from TIA-942," it continued. "The core objective of Uptime Institute Tiers is to guide a design topology that will deliver high levels of availability, as dictated by the owner's business case. Uptime Institute Tiers evaluates data centers by their capability to allow maintenance and to withstand a fault. Uptime Institute Tiers is not available in checklist form."



Depending on the nature of the disruption, the data center's overall integrity may be untouched or it could be totally destroyed. DR plans need to be flexible and scalable to address a broad range of disruption scenarios. This article, with its associated data center disaster recovery plan template, will help you structure a plan that addresses your data center's operational and people issues.

For purposes of comparison, a data center disaster recovery plan focuses exclusively on a data center facility and its infrastructure, e.g., physical location, construction, security, power sources, and environmental systems. By contrast, a disaster recovery plan is a broad term that describes a process to recover disrupted IT systems, networks, and other critical assets an organization uses.


Tier Standard Overview

Data center tier standards exist to evaluate the quality and reliability of a data center’s server hosting ability. The Uptime Institute uses a somewhat mysterious four-tier ranking system as a benchmark for determining the reliability of a data center. This proprietary rating system begins with Tier I data centers, which are basically warehouses with power, and ends with Tier IV data centers, which offer 2N redundant power and cooling in addition to a 99.99% uptime guarantee. A Tier III data center is concurrently maintainable, allowing for any planned maintenance activity of power and cooling systems to take place without disrupting the operation of computer hardware located in the data center. In terms of redundancy, Tier III offers “N+1” availability. Any unplanned activity such as operational errors or spontaneous failures of infrastructure components can still cause an outage. In other words, Tier III isn’t completely fault tolerant. A Tier IV data center is fault-tolerant, allowing for the occurrence of any unplanned activity while still maintaining operations. Tier IV facilities have no single points of failure.

The basic concept is that a Tier IV design requires double the infrastructure of a Tier III design. Note that both Tier III and Tier IV data center specifications require IT equipment to have dual power inputs to permit maintenance of power distribution components between the UPS and IT equipment.
