VirtuCrypt Regulatory Compliance

Meet Compliance the Easy Way

VirtuCrypt is dedicated to providing hardened, secure, and compliant solutions for all of your data encryption and key management needs. You don't have to take on the task of meeting security mandates on your own. VirtuCrypt has already done the heavy lifting to have its devices and facilities audited and certified against numerous regulatory standards. Building on VirtuCrypt's technology can significantly reduce the scope and cost of meeting regulatory requirements for organizations of all sizes and industries; note that the compliance of your own systems, processes, and staff remains your responsibility, and an auditor will still examine how you integrate with and use the service.

VirtuCrypt Regulatory Standards


PCI DSS

Description:
The Payment Card Industry Data Security Standard applies to any organization that stores, processes, or transmits cardholder data, from authorizing transactions to retaining account numbers, and defines the technical and procedural controls such organizations must maintain.

Solution:
In addition to the VirtuCrypt environment undergoing PCI DSS audits, VirtuCrypt's key management and encryption services are built on tamper-resistant Secure Cryptographic Devices (SCDs) whose logical functionality is designed for organizations operating under PCI DSS requirements. A set of rigorous policies and procedures governs how those devices and their keys are handled, so that the requirements covering key management and the protection of stored cardholder data are met within the service. Keeping cardholder data encrypted under keys that never leave an SCD is what allows the surrounding systems to be removed from audit scope.


FIPS 140-2

Description:
FIPS 140-2, "Security Requirements for Cryptographic Modules," is a U.S. Federal Information Processing Standard that defines four security levels for cryptographic modules. Level 1 imposes only minimal physical security requirements, while Level 4 demands the most stringent protections, including tamper detection and response around the entire enclosure and protection against attacks that use out-of-range voltage or temperature.

Solution:
All of VirtuCrypt's devices are validated at FIPS 140-2 Level 3, placing them among the most physically secure in the industry. Level 3 validation requires tamper evidence and tamper resistance, plus tamper detection and response on doors and removable covers, a bevy of further physical security measures such as restrictions on vents and pick-resistant locks, and identity-based operator authentication.

VirtuCrypt's devices use difficult-to-replicate bezel locks, physically reinforced chassis, and a zeroization mechanism that immediately erases all sensitive data within the module when tampering is detected, so that an attacker who gains physical access to the enclosure recovers no key material.


PCI HSM

Description:
The Payment Card Industry PIN Transaction Security (PCI PTS) Hardware Security Module standard defines the physical and logical security requirements for HSMs used in payment processing, covering their design, manufacture, shipment, and deployment.

Solution:
The devices used for VirtuCrypt's cloud services are validated as compliant with PCI HSM, giving organizations assurance that the cloud they have chosen protects their keys and data with the required logical and physical security.


ANSI X9.24 Part 1 & 2 - TR-39

Description:
Organizations that acquire or process PIN transactions must comply with the American National Standards Institute X9.24 key management standard, and TR-39 is the technical report that defines how compliance with it is audited. A TR-39 audit evaluates how a business manages the cryptographic keys that protect PINs in an ATM or point-of-sale environment. The audit must be performed by a CTGA-accredited auditor.

Solution:
VirtuCrypt employs CTGA-accredited Solutions Architects to provide training, help desk services, and audit preparation services for clients.

CTGA training and accreditation allow our Solutions Architects to view your infrastructure from an auditor's perspective. They design your VirtuCrypt solution from the ground up with compliance in mind at every step.


HIPAA

Description:
The Health Insurance Portability and Accountability Act of 1996 mandates how healthcare organizations (covered entities) and the service providers that work with them (business associates) protect the privacy and security of patients' Protected Health Information (PHI).

Solution:
All VirtuCrypt facilities are certified as HIPAA compliant, and by using VirtuCrypt's Secure Cryptographic Devices, healthcare organizations can keep patient data encrypted at all times. Encrypting PHI under keys held in an SCD addresses the HIPAA Security Rule's encryption specifications (45 CFR 164.312(a)(2)(iv) and 164.312(e)(2)(ii)), and PHI encrypted in accordance with HHS guidance is not considered "unsecured" for purposes of breach notification.


SSAE 16 (SOC 1, 2, & 3)

Description:
The Statement on Standards for Attestation Engagements number 16 was issued by the American Institute of Certified Public Accountants (AICPA) as the successor to SAS 70 for reporting on controls at service organizations (it has since been superseded by SSAE 18). It underlies the SOC 1 report, which covers controls relevant to a customer's financial reporting. SOC 2 and SOC 3 reports are issued under separate AICPA attestation standards against the Trust Services Criteria; a SOC 2 report is a detailed, restricted-distribution report, and a SOC 3 report is the general-use summary of the same examination.

Solution:
VirtuCrypt's data centers hold SOC 1, SOC 2, and SOC 3 reports, with the SOC 2 and SOC 3 examinations covering all five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. When reviewing these reports, confirm the report type (a Type II report covers operating effectiveness over a period, not just design at a point in time), the period covered, and any carved-out subservice organizations.


TIA-942

Description:
The Telecommunications Infrastructure Standard for Data Centers (ANSI/TIA-942) specifies requirements for data center facilities regarding site layout, environmental controls, cabling, and more. Its four-level system (Tiers in the original standard, renamed Ratings in later revisions) establishes increasing levels of redundancy and reliability, with the highest level, Tier 4, describing a fully fault-tolerant facility, commonly quoted as 99.995% availability.

Solution:
VirtuCrypt's data centers meet the requirements of TIA-942's highest tier, providing our customers with the greatest reliability possible. The data centers use multiple active-active cooling paths and redundant power sources fed from two separate grids and three substations.


Help Your Auditor Out

We understand that audits can be stressful, so we have done everything we can to make the process go smoothly. Our industry-certified Solutions Architects have years of experience performing on-site assessments of complex IT infrastructures, and they will advise you on any changes needed to strengthen your security and pass your audit.

All actions performed through your VirtuCrypt cloud, from loading keys to adding users, are automatically logged by VirtuCrypt. Auditors can review these logs through accounts with restricted user permissions, so they can read the audit trail without being able to change keys or configuration. Additionally, all VirtuCrypt services allow customers to configure an external syslog server to which audit logs are exported; keeping that copy on a collector outside the administrators' control gives your auditor an independent record that can be checked against the logs held in the service.