PCI compliance

Refer to our Compliance Guidance for an overview of our PCI-compliant program, including security & compensating controls, and a general allocation of responsibility.

Overview

Payment Card Industry (PCI) Data Security Standards (DSS) is a set of network security and business best practice guidelines that establish a “minimum security standard” to protect payment card information. While Upsun doesn’t handle credit cards, many of our customers do.

Upsun undergoes an annual third-party audit to maintain PCI DSS recertification. Note that the FR-1 and FR-3 regions are excluded from our PCI certification.

Responsibility

Customers who want to run PCI workloads on Upsun must agree to and implement the measures contained in the Upsun PCI Responsibility Matrix (Excel). This document provides guidance on shared responsibilities to achieve PCI DSS compliance using PCI DSS v4.0.1 as a reference.

While Upsun provides a secure and PCI compliant infrastructure, the customer is responsible for ensuring that the environment and applications that they host on Upsun are properly configured and secured according to PCI requirements. Failure to do so will result in a non-compliant customer environment.

Our most current PCI DSS report can be obtained from a sales or account representative.