PCI Certified Service Provider

PCI DSS Compliance Solutions

Hyve was among the first to achieve Level 2 PCI Certified Service Provider status and is an active member of the PCI Security Standards Council. The PCI DSS standard provides a definitive set of requirements for merchants seeking to maintain PCI DSS compliance.

What is PCI DSS Compliance?

Payment Card Industry Data Security Standard (PCI DSS) is a collection of security processes and protocols that make sure that all companies that accept, process, store or transmit card data keep a secure environment.

Our PCI solution is based on industry proven methodologies. Our GPCI and CISSP certified professionals designed this solution to meet all PCI service provider requirements.

As a key element of our turnkey solution, we take a consultative approach with clients to ensure that the dual requirements of PCI DSS are clearly understood prior to implementation. We then define a clear plan for merchants to achieve and maintain PCI compliance.

Client Testimonials

It’s reassuring to know that Hyve will take care of everything server-side so we can focus on doing what we do, building th... More

I like working with Hyve because they are honest, transparent and down to earth.They have a knack for taking even the most co... More

As a start up, we knew nothing of servers and hosts and went with the first one that was recommended. They were based in the ... More

Carluccio’s selected Hyve to host www.carluccios.com, and also manage its online ecommerce and website security. The site p... More

British Airways’ global audience means that traffic spikes can occur at any time of the day or night. Hyve’s cloud platfo... More

Running several sites for Tesco is a unique challenge when it comes to hosting, as with the click of a button potentially mil... More

Hyve provides LiveSource with a high-performance hosting platform in multiple global locations. It is great to partner with a... More

A very friendly and highly technical team available to extend all possible help at any time. Excellent services – all issue... More

My experiences with Hyve have been very good. The response time is quick so you don't spend your time on a telephone waiting.... More

The Hyve solution:

Our turnkey solution includes the following fully managed services: firewall, two-factor authenticated VPN, antivirus / anti-malware, intrusion detection, vulnerability assessment and notification, event management, file/system integrity monitoring, change control, patch management, project management, server configuration and management. Hyve’s physical security and policies and procedures meet or surpass PCI requirements and are audited annually by a Qualified Security Assessor. Clients can leverage Hyve’s Report on Compliance to fulfil on-site audit requirements.

15 Questions for your prospective PCI DSS Service Provider

Are you a PCI DSS certified service provider?
Do you provide clearly defined details of which requirements are my responsibility and which are the service providers?
Do you offer a two-factor authentication solution for my employees who require remote access to our solution?
Do you require your employees to use two-factor authentication when managing our solution?
Do you offer daily (or automated real-time) log review, and store those logs for the required one year retention period?
Do you protect the archived logs from modification via integrity checks and establish a verifiable chain of custody so that they may be used as forensic evidence?
Do you implement file and system integrity monitoring so you are alerted if any critical system settings or files are altered that result in putting our solution out of compliance?
Do you follow the proper four change control procedures as outlined by the PCI DSS specification (document impact and rollback procedures, receive management approval, and perform operational testing)?
Do you architect our solution into multiple VLANs and configure your network security devices in accordance with the PCI DSS specification?
Do you offer Patch Management Services to guarantee patches are applied within the required 30 days?
Do you have audited policies and procedures which adhere to section 12 of the PCI DSS?
Do you offer Intrusion Detection, Vulnerability Assessment, and Antimalware services?
Do you offer penetration testing?
Does your security staff have CISSP, CISA, CISM, GCPI, SCSA, Security+, and MSCE 2003: Security certifications?
Do you meet the physical security requirements including 90 days of video retention in your data centres?

PCI DSS Certificate 2020