Iron Mountain achieves PCI compliant status. Is your vendor PCI compliant?

The threat of credit card data loss or compromise is significant. The Payment Card Industry (PCI) Data Security Standard exists to support secure practices in credit card processing and resulted from major credit card issuers aligning their individual security programs into an industry standard. The foundation of PCI was built from Visa's Cardholder Information Security Program (CISP). The standard provides the requirements that all entities storing, processing or transmitting cardholder data must abide by.

The objective of the PCI program is to encourage companies to maintain a high level of security to protect cardholder information regardless of where it resides.

The compliance requirements comprise six areas:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

It is mandatory for companies to comply and, further, to conduct business with other PCI-compliant members—not doing so could be costly. Credit card companies can impose hefty fines reaching $500,000 per incident and your credit card processing services could be terminated. PCI compliance provisions should be included in third-party contracts as well.

Iron Mountain has taken an industry leading position on safeguarding customer information. To this end, we engaged the services of an independent auditor to ensure and certify that our policies, systems and technologies comply with the (PCI) Data Security Standard. Iron Mountain's compliance within the program is defined as a Level 1 service provider. We recently completed an onsite audit confirming compliance with the PCI Data Security Standard for 2009 for our records management, data protection and shredding businesses, the third year in a row we have achieved this certification. Iron Mountain is proud to be recognized on the list of "compliant service providers" published by Visa.

We can now extend that commitment with our appointment to the PCI Security Standards Council, an exclusive group of organizations helping to shape the development of PCI standards. As a member of the council, Iron Mountain has the opportunity to leverage our expertise and experience as a service provider in protecting credit card data for thousands of customers across a variety of industries.

To view the list of compliant service providers, or for more information on the PCI Data Security Standard visit: Visa U.S.A's website