Iron Mountain - Standards

STANDARDS

Iron Mountain achieves PCI compliant status. Is your vendor PCI compliant?

This is an important advisory notice regarding requirements related to credit card transaction processing.

The threat of credit card data loss or compromise is a significant problem in our society. The Payment Card Industry (PCI) Data Security Standard exists to support secure practices in credit card processing and resulted from major credit card issuers aligning their individual security programs into an industry standard. The foundation of PCI was built from Visa's Cardholder Information Security Program (CISP). The standard provides the requirements that all entities storing, processing or transmitting cardholder data must abide by.

The objective of the PCI program is to encourage companies to maintain a high level of security to protect cardholder information regardless of where it resides.

The compliance requirements fall within the following six areas:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

It is mandatory for companies to comply and, further, to conduct business only with other PCI-compliant members; not doing so could be costly. Credit card companies can impose hefty fines reaching $500,000 per incident, and your credit card processing services could be terminated. PCI compliance provisions should be included in third-party contracts as well.

Iron Mountain has taken an industry-leading position on safeguarding customer information. To this end, we engaged the services of Cybertrust as an independent auditor to ensure and certify that our policies, systems and technologies comply with the PCI Data Security Standard. We are currently the only company in our industry validated as PCI compliant.

Iron Mountain's compliance within the program is defined as a Level 1 service provider. We engaged Cybertrust to perform an on-site audit, confirming compliance with the PCI Data Security Standard as of May 31, 2008, for our records management, data protection and shredding businesses. Iron Mountain is proud to be recognized on the list of "compliant service providers" published by Visa.

Click to view our letter of acceptance. To view the list of compliant service providers, or for more information on the PCI Data Security Standard visit: