PCI - PAYMENT CARD INDUSTRY
DSS - DATA SECURITY STANDARD
ContACT is fully PCI DSS compliant and rated to Level 1. This protection is not limited to customers doing business on the internet through our hosting; all ContACT customers are covered by the same level of security.
ContACT is fully protected from unauthorized access from the Internet, whether that access comes through e-commerce transactions, employees' internet-based access through desktop browsers, or employees' email access.
These security requirements apply to all "system components". System components are defined as any network component, server, or application that is included in or connected to the cardholder data environment.
NETWORK COMPONENTS – Include firewalls, switches, routers, wireless access points, network appliances and other security appliances.
SERVER TYPES – Include web, database, authentication, mail, proxy, network time protocol (NTP), and domain name server (DNS).
APPLICATIONS – Include all purchased and custom applications, including internal and external applications.
Firewalls are a key protection mechanism for any computer network. A network firewall examines all network traffic and blocks those transmissions that do not meet the specified security criteria. An application firewall additionally inspects all traffic packets for potential hazards before they are passed to servers. ContACT has an established firewall configuration standard approved by Trustwave.
Encryption is a critical component of cardholder data protection. Without the proper cryptographic keys, encrypted data is unreadable and unusable to an intruder. ContACT does not store sensitive authentication data, and cardholder data storage is kept to a minimum.
Vulnerability Management covers the anti-virus software ContACT uses to protect systems from malicious software, and from unscrupulous individuals who exploit security vulnerabilities to gain privileged access to our systems. ContACT applies the most recently released, appropriate software patches to protect against exploitation.
Tracking and Monitoring is critical if something does go wrong. Without system activity logs, determining the cause of a compromise would be very difficult. ContACT has established a process to monitor all access to network resources and cardholder data.
Ecommerce is a secure area of a website where visitors can request reservations, purchase products, and submit their details and credit card information securely over the internet. ContACT provides these facilities in a PCI DSS compliant manner.
- Our servers are located in a major Data Centre which is fully managed and monitored by a closed circuit television system 24 hours a day, seven days a week.
- Fully protected from unauthorized access with up to date anti-virus software, firewalls, tracking and monitoring and ecommerce security appliances.
- Combination of emergency generators and battery backup minimizes service interruptions.
In addition to the standard security measures provided by the building management, there are three additional lines of defence.
- Access Control
- CCTV Monitoring, where the racks are monitored 24 hours per day by a sophisticated CCTV (Closed Circuit Television) system. Recordings are archived for a period of 31 days.
- Lastly, Anti-intrusion, whereby devices detect intrusion at, and raise alarms for, all vulnerable services and installations.
Power to the Data Centre is rigorously engineered to maintain availability and continuity of power. Dedicated power is supplied by an Energy Australia substation from a resilient high voltage mains ring with diverse routing independent of the standard building power supply. Power is connected to independent, but integrated, "A" and "B" main switchboards. Two separate power reticulation systems are used for enhanced redundancy.
Emergency Power Backup
The facilities employ both AC and DC power systems. Both systems have been designed for a minimum 5-day autonomy period at full load, by way of a diesel generator and battery-supplied backup. This means all the critical network management, control equipment and serving equipment have the comfort of sustained back-up power. A dual UPS battery (AC & DC) supply system provides dual power to all systems, and the emergency generators back up the DC power plant.
The combination of emergency generators and battery backup minimizes the possibility of services being disrupted by a mains power failure. Two separate building feeds minimize the risk of a power outage in the event that one feed completely fails.
Building Management and Equipment Monitoring
A sophisticated building management system monitors all the technical, security, mechanical and electrical facilities in the building, including power, lighting, air-conditioning and water. This system is monitored 24 hours a day, 7 days a week, by on-site security personnel.