On 31 January 2018, M&A Data Center has achieved the compliant for the colocation and the physical security of the Payment Card Industry Data Security Standard (PCI DSS) Version 3.2 at Service Provider Level 1. Administered and managed by a consortium of the major payment card brands – Visa Inc., MasterCard Worldwide, Discover Network, American Express and Japan Credit Bureau (JCB) – PCI DSS is a stringent set of the security requirements and protocols established for the entities that process or transmit cardholder data hence the cardholder information are protected from credit card fraud. M&A Data Center is the first data center in Myanmar to be compliant with PCI DSS and with this latest compliance, financial institutions and companies processing with payment cards are assured that their IT infrastructure hosted within M&A Data Center can enable safe and secure financial transactions.
Trustwave Holdings, Inc., a provider of information security and compliance solutions, audited and assessed M&A Data Center’s physical space and security profiles according to the PCI DSS’s established guidelines. Qualified Security Assessor (QSA) from Trustwave reviewed on company policies and procedures, facility physical access controls and logging, CCTV, employee/visitor badging and logs. We have proven and verifiable PCI compliance in the form of assessment results in an Attestation of Compliance (AOC) and Report on Compliance (ROC). The effective period for compliance begins upon passing the audit and receiving the AOC from the PCI DSS, and ends one year from the date the AOC is signed. However, it is important to know that this PCI DSS compliance status does not interpret to PCI DSS certification for the services that customers host or store in M&A Data Center.