San Diego, Calif. – June 13, 2016 – ComplianceMetrix (CMX), LLC, an enterprise provider of cloud-based compliance, risk and quality management solutions, announced today that it has achieved Payment Card Industry (PCI) Data Security Standard (DSS) certification for its software applications and cloud-based platform RequirementsLive (RQL) hosted by Amazon Web Services (AWS).
PCI DSS is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data and/or sensitive authentication data.
The rigorous audit of CMX’s personnel, policies, processes, and resulting certification was performed by RSI Security, a Qualified Security Assessor (QSA) for PCI DSS. RSI spent several months reviewing and validating the hundreds of PCI procedural and technical controls required were in place.
“CMX chose specifically to pursue PCI DSS certification as it is recognized as an explicit set of requirements for insuring the proper development and operation of our applications and the environments they run in. The standard consists of universally accepted procedural and security best practices. For CMX, we make no distinction about the data we store. We treat all customer data in our cloud applications as sensitive.” said James Gunn-Wilkinson, Chief Technology Officer, ComplianceMetrix.
All CMX customers benefit from the following controls:
- Encryption of all data in transit over the public internet zone and internal networks for messaging and database connections
- Encryption of all data at rest including artifacts, database stores and objects stored in Amazon’s Simple Storage Service (S3)
- Intrusion detection and Antivirus on all servers
- Access log retention policies
- Change Control Processes
- Quarterly Vulnerability scanning
- 2-Factor authentication required for all access to CMX’s Cloud Hosting virtual facilities
“Protecting our client’s data has always been a top priority. We’ve engineered security into our platform and applied best practices from the beginning. PCI certification is an incredibly high standard, which demands significant and ongoing commitment throughout our organization. We’re delighted that we can provide our customers with the added assurances that accompany an independent certification.” said Mitch Porche, President and CEO, ComplianceMetrix, LLC.
The Report on Compliance (ROC) is available upon request by CMX’s customers and prospects currently under NDA.
ComplianceMetrix (CMX) helps the world’s largest brands achieve Operational Excellence in Compliance, Risk and Quality. It’s the only solution designed to protect brands and drive sustainable performance, through intelligent automation that combines compliance, quality and operational activities into a single operating platform.
About RSI Security
RSI Security is a nation’s premier information security and compliance provider dedicated to helping organizations achieve risk-management success. We work with some of the world’s leading companies, institution and governments to ensure the safety of their information and their compliance with applicable regulations.
ComplianceMetrix is a registered trademark of RequirementsLive, LLC.