The Security and Compliance Experts
Sales: 855-623-8329

PCI Compliance Hosting FAQ

Questions About PCI Compliance Hosting and Compliance Management

  1. Are your PCI compliance services different for service providers than for merchants?
  2. What is the value in using Layered Tech versus Self-Assessment Questionnaire (SAQ) generators?
  3. How does Layered Tech differ from a Qualified Security Assessor (QSA) or scan vendor?
  4. What value can be provided by using secure hosting?
  5. How do I know what level of merchant I am?
  6. Can Layered Tech help me become PCI compliant?
  7. What PCI compliance services does Layered Tech offer to help me become PCI DSS compliant?
  8. What PCI compliance services do I receive with Layered Tech's Layer 4: Compliance Management offering?
  9. Why should I trust Layered Tech as my PCI compliance service provider?
  10. I am a service provider. Will my clients accept Layered Tech as a place to host critical services?
  11. What are my options for deploying a PCI DSS compliant solution?
  12. What is a typical PCI compliance hosting deployment timeframe?
  13. How much of the PCI DSS process am I responsible for versus how much will Layered Tech handle?
  14. Can I provide my own servers?
  15. How much can you take off my plate in terms of logging, management, rollouts, application alarms, etc.? Where do my responsibilities begin and end?
  16. How do I manage change?
  17. How do I handle security events?
  18. When will I be notified of security events?
  19. What logs am I capturing?
  20. Are my tools protecting me correctly?
  21. Who can access your card data?

Q1. Are your PCI compliance services different for service providers than for merchants?

A. Layered Tech compliance management services are based on satisfying the PCI DSS requirements and can be applied to any environment that needs to meet those requirements.

Q2. What is the value in using Layered Tech versus Self-Assessment Questionnaire (SAQ) generators?

A. Layered Tech provides contracted security and compliance management services that facilitate PCI compliance. Scan vendors and SAQ generators do not represent a complete package.

Q3. How does Layered Tech differ from a Qualified Security Assessor (QSA) or scan vendor?

A. Layered Tech is a PCI compliance service provider that allows a merchant to offload the duties that a QSA would require to be accomplished. A QSA only assesses the compliance of your systems. Layered Tech facilitates the compliance of your systems. Scan vendors provide a single service to cover a single PCI DSS requirement. Layered Tech provides PCI compliance services that fulfill all IT security controls required by the PCI DSS requirements.

Q4. What value can be provided by using secure hosting?

A. Engaging a managed service provider for secure hosting has many benefits, including:

Chat online with an account manager, or call 855-623-8329 now.

Q5. How do I know what level of merchant I am?

A. Your merchant level depends on the card brands you accept. Most designations use Visa's guide, which can be found at http://usa.visa.com/merchants/risk_management/cisp_merchants.html

Q6. Can Layered Tech help me become PCI compliant?

A. Absolutely. Engaging with Layered Tech makes the security validation process much simpler and more reliable than it would be on your own. Layered Tech has helped many companies, large and small, meet PCI compliance by facilitating the majority of the technical requirements. While Layered Tech takes over significant portions of the related security work (see Q13), the fundamental responsibilities (e.g., internal security policies, etc.) of a card data owner remain with you.

Q7. What PCI compliance services does Layered Tech offer to help me become PCI DSS compliant?

A. Layered Tech offers a comprehensive suite of managed compliant services called Layer 4: Compliance Management. We constantly monitor and oversee your systems – everything from creating logs and responding to alerts to patching or updating activities. You will not need to add staff or training when you engage with us.

Q8. What PCI compliance services do I receive with Layered Tech's Layer 4: Compliance Management offering?

A. The Layer 4: Compliance Management page contains a detailed feature summary of included system, network and database managed services.

Q9. Why should I trust Layered Tech as my PCI compliance service provider?

A. Complex enterprise data protection is our niche, and we have a strong record of maintaining security compliance. Layered Tech undergoes many PCI assessments and external audits a year, including an on-site assessment for the Level 1 Report on Compliance (ROC), as well as successful completion of SSAE 16 Type II audits. We know what it takes to achieve and maintain compliance, and how to ensure the ultimate security of our clients' critical data.

Learn more about our unique combination of PCI compliance experience and PCI compliant hosting support.

Q10. I am a service provider. Will my clients accept Layered Tech as a place to host critical services?

A. Touting your relationship with Layered Tech can actually enhance your sales process. Our reputation as a premier global provider of managed compliant services is unparalleled. And our ability to field complex questions from clients' IT management and external auditors consistently proves valuable in helping demonstrate clients' commitment to providing the utmost confidentiality, integrity and availability of sensitive data.

Q11. What are my options for deploying a PCI DSS compliant solution?

A. Layered Tech's compliance as a service can be implemented as physical dedicated servers, as an enterprise secure cloud solution, or a combination of both, even in remote data centers with international locations. The type of implementation is dependent on your application scope and system requirements. If you need data center space, we can provide it, but we can also work with you to plan a compliant services implementation in remote locations. Co-located systems at Layered Tech allow you to leverage your existing capital expenditures while benefiting from a physical security implementation designed to meet and exceed the PCI DSS requirements.

Q12. What is a typical PCI compliance hosting deployment timeframe?

A. Deployment timeframes can fluctuate based on the size and complexity of the system being implemented. System deployment, which includes Layered Tech's compliant managed services (Layer 4: Compliance Management), typically takes 7-15 business days.

Q13. How much of the PCI DSS process am I responsible for versus how much will Layered Tech handle?

A. Layered Tech can fulfill - and guarantee - all of the IT controls stipulated by the PCI DSS. This equates to roughly 80 percent of the total PCI DSS mandates, with the policy and custom application requirements being your responsibility. (See also Q15.)

Q14. Can I provide my own servers?

A. Of course. Layered Tech provides a comprehensive suite of compliance management services, independent of the hardware or software in the underlying environment. We also support a variety of platforms and software components.

Q15. How much can you take off my plate in terms of logging, management, rollouts, application alarms, etc.? Where do my responsibilities begin and end?

A. A common method of describing where our services stop is to think in terms of system and custom application. Layered Tech's PCI compliance services manage the device from the operating system down, including all changes, patches, logs, security events, access control, etc. As the client, you are responsible for your custom application features, security methods and direct support. However, you may utilize Layered Tech features to assist with custom application management. A good example is change management. You may want to prevent your developers from accessing or deploying to production systems. With Layered Tech's change management, a Layered Tech client support team member performs the deployment steps for new code.

Q16. How do I manage change?

A. Layered Tech's robust, successful change management system is available to all our clients and can be accomplished easily through our normal technical support channels. Your staff can fully engage Layered Tech to manage all change on your systems, and when assessment time comes, you are assured that all the change management requirements have been met.

Q17. How do I handle security events?

A. All compliance management clients at Layered Tech have built-in security event handling. A robust combination of change control, real-time event alerting (IDS, A/V, FIM), and 24/7 staffing allows Layered Tech to be the first- and second-tier response units on client systems. Additionally, Layered Tech staff can perform full remediation as required. This model frees clients from the day-to-day staffing and expense related to managing significant amounts of security tool output.

Q18. When will I be notified of security events?

A. Layered Tech truly operates as an extension of your IT staff. Critical security events are engaged by Layered Tech's Computer Security Incident Response Team (CSIRT) and include plans for client involvement. After an event first goes through our support and security staff, we escalate to you if and when there is an impact to your system, application or clients. Additionally, when you are contacted by us, we will have a remediation plan for you to consider and approve.

Q19. What logs am I capturing?

A. Layered Tech captures all system logs and routes them to a central logging system where analysis is performed to meet security event collection requirements.

Q20. Are my tools protecting me correctly?

A. Layered Tech is unique in that we believe tools alone do not make a solution. It requires a powerful combination of people, processes and technology to provide a secure data protection solution. All of Layered Tech's services are backed by a dedicated, expert support team, who perform monthly audits against all our security tools and services to ensure consistent implementation and performance.

Q21. Who can access your card data?

A. System and administrative level access to card data systems is vigorously restricted, logged and authenticated. Application-level access to card data is controlled principally by the security of the custom software you have deployed. Layered Tech will work with you to ensure strong controls on encryption are in place.
