At AOC Solutions, our highly secure system is designed to comply with:
- PCI DSS: Payment Card Industry Data Security Standard.
- FFIEC: Federal Financial Institutions Examination Council.
- HIPAA: Health Insurance Portability and Accountability Act.
- ISO 27002: Code of Practice for Information Security Management.
The standards vary, but their underlying premise does not: Keeping sensitive data secure is a fundamental business requirement.
AOC Solutions securely maintains credit card information in compliance with the highest industry standards. You can rest easier because your customers' credit card information is stored on highly secure servers in our dedicated network and world-class data centers.
Our systems are composed of many interoperable components working together to provide desired functionality. These system components include, but are not limited to, the following:
- Physical facility/Internet access infrastructure is contained within data centers that are built to withstand natural and man-made disasters and that feature 24-hour security, access control, and redundant power and air conditioning systems, in addition to multiple connections to Tier-1 Internet providers.
- Network perimeter security and networking components including firewalls, routers, load balancers and switches are designed to provide the highest standards of both security and reliability.
- Intrusion detection techniques/methods including, but not limited to, network-based intrusion detection systems, host-based intrusion detection systems, and log-based and event management systems.
- Application and Web servers custom configured and hardened to deter inappropriate use.
- Strong data encryption for both communication and data storage, including use of 2048-bit SSL certificates and strong database encryption ciphers.
- Access-control mechanisms including, but not limited to, VPNs, passwords, tokens (also known as "reference value," "alias," or "key"), certificates and access control lists.
- Policies and practices regarding the use, configuration and implementation of systems, including, but not limited to, server hardening guidelines, implementation and use guidance from product providers and information security assessment standards.
AOC Solutions is annually assessed and certified to the PCI DSS and other requirements.