• Overview
    Key features
    • Observability
    • Auto-scaling
    • Multiframework
    • Security
    Frameworks
    • Django
    • Next.js
    • Drupal
    • WordPress
    • Symfony
    • Magento
    • See all frameworks
    Languages
    • PHP
    • Python
    • Node.js
    • Ruby
    • Java
    • Go
  • Industries
    • Consumer Goods
    • Media/Entertainment
    • Higher Education
    • Government
    • Ecommerce
    Use cases
  • Pricing
  • Agencies
    Resources
  • Overview
    Learn
    Company
    Featured articles
    • Switching to Platform.sh can help IT/DevOps organizations drive 219% ROI
    • Organizations, the ultimate way to manage your users and projects
  • Support
  • Docs
  • Login
  • Request a demo
  • Free Trial
Trust Center
Meet Upsun. The new, self-service, fully managed PaaS, powered by Platform.sh.Try it now
Trust CentersecurityPCI compliance

PCI compliance

Refer to our Compliance Guidance for an overview of our PCI-compliant program, including security & compensating controls, and a general allocation of responsibility.

Overview

Payment Card Industry (PCI) Data Security Standards (DSS) is a set of network security and business best practice guidelines that establish a “minimum security standard” to protect payment card information. While Platform.sh doesn’t handle credit cards, many of our customers do.

Platform.sh undergoes an annual third-party audit to maintain PCI DSS recertification. Note that the FR-1 and FR-3 regions are excluded from our PCI certification.

Note: Cardholder processing activity is discouraged. Please use a third-party processor.

Responsibility

Customers who want to run PCI workloads on Platform.sh must agree to and implement the measures contained in the Platform.sh PCI Responsibility Matrix (Excel). This document provides guidance on shared responsibilities to achieve PCI DSS compliance using PCI DSS v4.0 as a reference.

While Platform.sh provides a secure and PCI compliant infrastructure, the customer is responsible for ensuring that the environment and applications that they host on Platform.sh are properly configured and secured according to PCI requirements. Failure to do so will result in a non-compliant customer environment.

Our most current PCI DSS report can be obtained from a sales or account representative.

Leader Winter 2023
Company
AboutSecurity and complianceTrust CenterCareersPressContact us
Compare
Heroku alternativePantheon alternativeAcquia alternativeAWS alternativeGCP alternativeAzure alternativeManaged hostingKubernetes alternativeFly.io alternativeRender alternative
Resources
BlogROI CalculatorDownloadsDemosSupport CenterWhat is FleetOps?CI/CD on Platform.shPartner portalRegions map
Product
PricingWhat is Platform.sh?What can you run on Platform.sh?Drupal cloud hostingWordPress cloud hostingResources Auto-ScalingObservability Suite
Thank you for subscribing!
  •  
Field required
Leader Winter 2023
System StatusPrivacyTerms of ServiceImpressumWCAG ComplianceAcceptable Use PolicyManage your cookie preferencesReport a security issue
© 2024 Platform.sh. All rights reserved.
Supported by Horizon 2020's SME Instrument - European Commission 🇪🇺