Skytap is pleased to announce that we are on track to achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS) and ISO/IEC 27001:2013 in Q4 2020. This will give Skytap customers a PCI DSS and ISO/IEC 27001:2013 compliant option to run traditional IBM Power workloads in Azure and IBM Cloud. Skytap now provides IBM Power users with a way to enjoy the benefits of cloud speed and scale while ensuring their data is secured to internationally recognized standards.
PCI DSS compliance provides assurance to customers that Skytap’s infrastructure meets standards set by the payment card industry to keep credit card information secure, such as encrypting transmission of cardholder data and using a firewall to protect it. Any business that transmits, stores, handles or accepts credit card data—regardless of size or processing volume—must comply with PCI DSS. ISO 27001 is a more general international standard for data security. In addition to these two security standards, Skytap also conducts annual SOC 2 Type 2 compliance audits performed by an independent third-party audit firm and can provide SOC 2 audit reports to customers upon request. Audited compliance with these security standards provides customers with assurance that Skytap is a safe foundation on which you can build and run applications that comply with all three standards.
Skytap’s dedication to providing customers with secure cloud infrastructure services is reflected throughout our development and production operations practices. The responsibility of maintaining overall security and compliance in the cloud is shared between Skytap and you, our customers. Skytap is responsible for the security of the Skytap cloud platform, including all underlying people, processes and technology supporting the hosting infrastructure. You are responsible for security inside your customer environment. For example, Skytap implements antivirus software on all appropriate systems hosting the Skytap platform while you are responsible for implementing antivirus software on systems you deploy and manage within your Skytap environments.
With Skytap achieving PCI and ISO 27001 compliance, it’s easier for you to meet these standards as well. You can focus on maintaining security and compliance within Skytap and let us do the rest. For many IBM Power users, especially those in highly regulated industries like finance, lack of PCI compliance is an additional factor preventing them from moving to the cloud, on top of the time and difficulty of rewriting and refactoring traditional applications. Now, IBM Power users can easily migrate their workloads and modernize their applications without risking their PCI or ISO 27001 compliance status.
We are continuously enhancing our platform to make Skytap the most secure and versatile infrastructure option for IBM Power workloads in the cloud. Additional security certifications like HITRUST (for demonstrating HIPAA compliance) are on our roadmap, so stay tuned. You can rest assured that we are working every day to make sure your data is safe.