Payment Card Industry (PCI) Data Security Standard (DSS)

JULY 2023

Foregenix, a Qualified Security Assessor, has performed the requisite audits of Instaclustr™ by NetApp® and issued an Attestation of Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) at Level 1—the highest level of transactions.

The PCI DSS is a set of security standards designed to improve payment account security and prevent fraud throughout the transaction process by increasing control of credit card data. Compliance with the PCI DSS is required of all companies that process, store, or transmit credit card information through the five major payment card brands: American Express, Discover, the Japan Credit Bureau (JCB), MasterCard, and Visa.

Based on the total transaction volume over a 12-month period, companies are evaluated and classified at one of four levels, ranging from Level 1 for companies processing over 6 million transactions annually to Level 4 with fewer than 20,000 transactions a year.

The PCI Security Standards Council (PCI SSC), an independent body created by the major payment card corporations, sets the standards, administers the PCI DSS, and manages its ongoing evolution.

NetApp and the PCI DSS

As a PCI-certified service provider, Instaclustr undergoes an annual PCI audit to confirm that it is maintaining the strict security protocols required by the payment card industry. NetApp engages Foregenix, a Qualified Security Assessor (QSA), to validate compliance with the PCI DSS through an assessment that includes quarterly vulnerability scans. In addition to the annual assessment, NetApp engages Foregenix anytime there’s a significant change to the Instaclustr platform. Instaclustr by NetApp has been certified as a Level 1 service provider.

Note that PCI DSS compliance of Instaclustr by NetApp doesn’t translate automatically to PCI DSS certification for the services that customers run on our accredited Instaclustr platform. Customers must engage their own QSA to validate that their services comply with PCI DSS requirements.

NetApp in-scope products and services

Instaclustr has four main offerings covered by PCI certification, which are currently restricted to AWS:

Audits, reports, and certificates

Frequently asked questions

Where can I get more information about the PCI DSS compliance of Instaclustr by NetApp?

For more details, including the full list of customer requirements for running a PCI-managed service, refer to the PCI compliance documentation.

What benefits does the PCI certification of Instaclustr bring to customers who are not using the PCI option?

The Instaclustr management network, which deploys, manages, and monitors all components of a customer’s data infrastructure, must comply with all required PCI controls. This means that even customers who do not elect PCI-level security on their own managed infrastructure still benefit from Instaclustr’s strict adherence to PCI security policies.
