• Overview
    Key features
    • Observability
    • Auto-scaling
    • Multiframework
    • Security
    • Django
    • Next.js
    • Drupal
    • WordPress
    • Symfony
    • Magento
    • See all frameworks
    • PHP
    • Python
    • Node.js
    • Ruby
    • Java
    • Go
  • Industries
    • Consumer Goods
    • Media/Entertainment
    • Higher Education
    • Government
    • Ecommerce
  • Pricing
  • Featured articles
    • Switching to Platform.sh can help IT/DevOps organizations drive 219% ROI
    • Organizations, the ultimate way to manage your users and projects
  • Support
  • Docs
  • Login
  • Request a demo
  • Free Trial
Meet Upsun. The new, self-service, fully managed PaaS, powered by Platform.sh.Try it now
Cover image

Platform.sh is compliant with PCI DSS Level 1

12 May, 2020
Joey Stanford
Joey Stanford
VP, Data Protection & Compliance

Platform.sh has recently completed audits of our processes to ensure compliance with Payment Card Industry, Data Security Standard (PCI DSS) Compliance Level 1. This means our systems and processes have passed the highest level of evaluation by third-party auditors to ensure the security of payment card data.

What PCI DSS means for Platform.sh customers

This certification enables Platform.sh customers to certify their PCI DSS Level 1 e-commerce applications based on any technology Platform.sh supports, including Magento, WooCommerce, Drupal Commerce and many others.

The completed PCI audit is the latest of our efforts to ensure the highest levels of security for our customers. It joins our existing SOC 2 Type 2 certification and our compliance with the European GDPR, German BDSG, Canadian PIPEDA, and the Australian Privacy Act.

While Platform.sh provides key layers of security for all customers, the certification of a particular customer application requires individual audits. Platform.sh has recently introduced the Elite tier of service to offer assistance with such audits.

For complete details on customer and Platform.sh responsibilities, please see our documentation.

The unique approach to PCI DSS at Platform.sh

In addition to rigorous processes governing the management of our infrastructure, Platform.sh has developed new technologies to help ensure compliance and security for our customers who need to audit their applications for PCI DSS.

We have developed a customer-configurable outbound firewall enabled through Platform.sh configuration files. This allows customers to limit IP addresses that their application can connect to specific addresses or ranges.

We have also developed a proprietary container-aware anti-malware and file integrity monitoring solution. This system allows for real-time detection of attempted malicious behavior that violates our containment model. Our 24x7 security response team is alerted to suspicious behaviors.

Running PCI DSS Level 1 audited applications on Platform.sh

Our internal auditing procedures, security and operational processes, and technology approach are shared across all customer instances and product tiers. However, assistance with customers' own auditing process requires the Elite tier of Platform.sh service. For details on getting started, customers can contact their account manager or the Platform.sh sales team.

Get the latest Platform.sh news and resources

Related Content

We can’t wait for SBOMs to be demanded by regulation

We can’t wait for SBOMs to be demanded by regulation

AboutSecurity and complianceTrust CenterCareersPressContact us
Thank you for subscribing!
Field required
Leader Winter 2023
System StatusPrivacyTerms of ServiceImpressumWCAG ComplianceAcceptable Use PolicyManage your cookie preferencesReport a security issue
© 2024 Platform.sh. All rights reserved.
Supported by Horizon 2020's SME Instrument - European Commission 🇪🇺