The Payment Card Industry (PCI) Data Security Standard (DSS) is an information security standard defined by the Payment Card Industry Security Standards Council. PCI certification is required for organizations (merchants and service providers) that process credit card payments. The certification is designed to prevent credit card fraud through increased controls around data and its exposure to compromise.
Build and maintain a secure network
Protect cardholder data
Maintain a vulnerability management program
Implement strong security measures
Regularly test and monitor networks
Maintain an information security policy
A PCI Qualified Security Assessor (QSA) is authorized to perform an independent assessment and certify the environment. Cloud4C provides a secure environment that has been validated by a QSA, allowing merchants to establish a secure cardholder environment and to achieve their own certification, having confidence that their underlying technology infrastructure is compliant.
WAN aggregation layer - Aggregates the clinic and hospital WAN connections to the core
Core layer - Highly available, high-speed area that is the central point of connectivity to all data center areas
Aggregation layer - Aggregates the services of one area and connects that area to the core
Services layer - Data treatment and manipulation occur between the access layer and the aggregation layer
Access layer - Server-level access and connectivity between hosts/servers and the services and aggregation layers, depending on the nature of the application
Host/server farm - Physical servers, virtualized servers, and appliances that host applications
Storage - Storage area networks (SANs)
E-commerce/Health - Internet-based transactions for prescription renewals and payment of bills
Internet/service provider edge demilitarized zone (DMZ) - Secure connectivity to the Internet
Partner edge DMZ - Secure segmented connectivity to partners