Return to Events

IIJ-Tech Acquires PCI DSS Certification as Security Standard for Its Own Cloud Services

dl button PDF [58 KB] 23 March 2010
IIJ Technology Inc.

TOKYO--March 23, 2010--IIJ Technology Inc. (IIJ-Tech), an IIJ group company and system integration service provider, today announced that they successfully acquired Payment Card Industry Data Security Standard (PCI DSS) certification for the IIJ GIO cloud service as of January 29, 2010.

PCI DSS is a global security standard for the credit card industry created jointly by the five major international payment brands--JCB, American Express, Discover, Mastercard, and VISA--to protect the personal information and transaction information of card member's when handled by retailers and payment processors. Network construction, card member data protection, vulnerability management, access control, network monitoring and testing, information security policy improvement, and a total of 12 conditions and more than 200 items make up this certification system, based on very detailed regulations that go as far as specifying information system specifications. Because of these stringent conditions, even companies outside of the credit card industry have adopted the PCI DSS standard to handle important information.

As cloud services become more widely used, more service providers will maintain and manage important data such as confidential information and corporate customer data. This means that service providers will need service infrastructure construction, operation, and administration services with a higher level of security, but there are still no objective standards or qualifications that customers can use to evaluate cloud service security. In contrast, IIJ-Tech has established the IIJ GIO operational and administrative infrastructure on the PCI DSS standard, thus clarifying the security level of the service infrastructure, and providing customers with an objective standard for evaluation. This gives customers the confidence they need to build their corporate information system environment on IIJ GIO. If the customer should want to obtain PCI DSS certification for the system that they build on the cloud, both the corporate system and the cloud system must meet the requirements for operational and administrative infrastructure. Thus, by using IIJ GIO and its PCI DSS-certified operational and administrative infrastructure, they only have to focus on meeting the conditions for their corporate system, greatly shortening the time required for certification.

The IIJ Group will continue to expand the IIJ GIO lineup and improve the service infrastructure to provide our customers a safe and secure cloud service.

PCI DSS Certification Summary

Registration date January 29, 2010
Certification number 10015007
Certification scope IIJ GIO Operational and Administrative Infrastructure

About IIJ Technology Inc.

IIJ Technology Inc. (IIJ-Tech) was established in November 1996 to spread out IIJ's superior network technology and forward vision to provide the system building and operation services to fill customers' expectations. IIJ-Tech builds Internet business systems and corporate information systems, as well as builds and operates many systems for government and financial institutions and systems for e-commerce, financial transactions, ISP/ICP, extranets, intranets, and ASPs. More information about IIJ-Tech is available at (Japanese Text only).