This article applies to customers transmitting payment card data (PCI-DSS).
(Article initially published / modified: 2020-09-04 / 2020-09-04)
XMedius has established a set of guidelines to help you configure your Cloud account in accordance with a wide range of security requirements. Among the supported requirements is the Payment Card Industry Data Security Standard, or PCI-DSS, which governs the security of Credit Card Information.
XMedius Compliance Measures
XMedius has been audited by an independent Qualified Security Assessor (QSA) and has obtained a Level 1 Service Provider certification (the highest level a Service Provider can get). This ensures that the XMedius Cloud platform provides the necessary security controls to protect Credit Card data.
In other words, when you use our Solutions to transmit data related to Credit Card Information, XMedius provides the functionality, security controls and compliance/certifications you need to fully meet the PCI-DSS requirements.
The XMedius Cloud platform enables a wide variety of functionalities designed to meet different customer needs – and not all these functionalities meet PCI-DSS requirements. The PCI-DSS Attestation of Compliance (AOC) obtained by XMedius is only valid when the Solutions are used in the context described in this guide.
Complying with PCI-DSS is a joint responsibility, and you are responsible for maintaining the configuration of your account in accordance with the definitions found in this document when transmitting or storing Credit Card data through our Solutions.
Moreover, the fact that XMedius provides several security controls to protect the data on its cloud platform does not discharge you from protecting that same data once it is outside of the XMedius Cloud environment.
For more information on your responsibilities, please refer to the page Security Roles and Responsibilities
Download the Guide
Download the full guide here: XMedius Cloud Solutions PCI-DSS Configuration Guide