- Why uHost
- About Us
- Learn More
uHost has a standing policy of supporting customers in their efforts to be certified in a variety of auditing standards. Examples are ISO, SAS 70, internal data and security audits. uHost has had prior experience in working with customers on their SAS 70 audits and has been a successful partner in customer certification.
SAS 70 Overview
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
A SAS 70 examination signifies that a service organization has had its control objectives and control activities examined by an independent accounting and auditing firm. In today's global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers.
SAS 70 is not a pre-determined set of control objectives or control activities that service organizations must achieve. A SAS 70 examination is not a "checklist" audit.
To support our customers in their SAS 70 certification audits, we will provide your auditors the appropriate documentation on uHost Systems’ policies, controls & processes behind our services. This includes uHost Systems functions such as:
uHost has a proven track record of successfully supporting its customers in their own SAS 70 certifications, by providing this documentation and a tour of the datacenter facility conducted by our account manager and sales engineer.
PCI Security Standards Overview
PCI (Payment Card Industry) security standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions. PCI security standards include:
PCI Data Security Standard (DSS)
The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If you are a merchant who accepts or processes payment cards, you must comply with the PCI DSS.
PIN Entry Device (PED) Security Requirements
PCI PED applies to manufacturers who specify and implement device characteristics and management for personal identification number (PIN) entry terminals used for payment card financial transactions. Merchants should use only PIN entry devices that are tested and approved by the PCI SSC. Authorized devices are listed at: www.pcisecuritystandards.org/security_standards/ped/pedapprovallist.html
Payment Application Data Security Standard (PA-DSS)
The PA-DSS is for software developers and integrators of payment applications that store, process or transmit cardholder data as part of authorization or settlement when these applications are sold, distributed or licensed to third parties. Most card brands encourage merchants to use payment applications that are tested and approved by the PCI SSC. Validated applications are listed at: www.pcisecuritystandards.org/security_standards/pa_dss.shtml
There are three ongoing steps for adhering to the PCI DSS:
Reports are the official mechanism by which merchants and other organizations verify compliance with PCI DSS to their respective acquiring financial institutions. Depending on card brand requirements, merchants and service providers may need to submit a SAQ or annual attestations of compliance for on-site assessments (see PCI DSS version 1.2, Appendices D and E for more information). Quarterly submission of a report for network scanning may also be required. Finally, individual card brands may require submission of other documentation.
Information Contained in PCI DSS Reports: