Choose a PCI Compliant Data Center
Relying on OnRamp, you’re meeting all PCI DSS 3.2 requirements for restricting physical access to cardholder data. OnRamp data centers address the specific requirements around infrastructure deployment and data protection, including PCI DSS requirements 9.1-9.8 and 9.10 defined below.
Ensure PCI Compliance: PCI DSS Requirements
PCI Compliance REQUIREMENT 9.1
“Use appropriate facility entry controls to limit and monitor physical access to systems in the cardholder data environment.”
OnRamp’s data centers employ the most stringent physical security measures. Access to OnRamp’s facilities is regulated by security envelopes, with all critical areas requiring two-factor authentication using a combination of card keys and biometric scanners.
To enter the facilities, all visitors must be authenticated in a bulletproof mantrap, where OnRamp personnel match photo IDs against records of authorized access lists. All visitors are escorted by a member of the OnRamp NOC staff to their equipment. Once inside our facilities, visitors are monitored at all times by over 30 cameras, which stream to hard drives in the NOC.
OnRamp retains at least 90 days of video as part of our external audits and certification processes. OnRamp’s building management systems monitor several different critical facility inputs. All of our infrastructure is located behind cages, which require an additional layer of two-factor authentication to access.
PCI Compliance REQUIREMENT 9.2
“Develop procedures to easily distinguish between onsite personnel and visitors, to include:
- Identifying new onsite personnel or visitors (for example, assigning badges)
- Changes to access requirements
- Revoking or terminating onsite personnel and expired visitor identification (such as ID badges)”
OnRamp employs an advanced, electronic visitor management system and has documented processes and procedures for identifying and distinguishing between onsite personnel and visitors.
Any visitor to our facilities is authenticated by an authorized OnRamp employee, a process in which OnRamp personnel match the visitor’s photo ID with records of authorized access lists. Once authenticated, visitors are required to wear an OnRamp-issued badge which has a set expiration time. Any change to access requirements is made by OnRamp’s security team.
PCI Compliance REQUIREMENT 9.3
“Control physical access for onsite personnel to the sensitive areas as follows:
- Access must be authorized and based on individual job function
- Access is revoked immediately upon termination, and all physical access mechanisms, such as keys, access cards, etc., are returned or disabled.”
OnRamp limits physical access to sensitive areas to only authorized personnel with a legitimate business need. When employees leave the organization, all physical access mechanisms are promptly returned or disabled upon their departure to ensure personnel cannot gain physical access to the facility once their employment has ended.
PCI Compliance REQUIREMENT 9.4
“Implement procedures to identify and authorize visitors.”
OnRamp has stringent visitor controls to ensure that visitors to our facilities are identified as visitors, so that personnel can monitor their activities and so that their access is restricted to the duration of their legitimate visit. Authenticated visitors must surrender their photo ID to NOC personnel before being granted access to the data center, and are escorted by a member of OnRamp’s staff to their equipment. All visitors are logged in the visitor management system, which maintains a physical audit trail of visitor activity. Visitor badges are returned upon expiry or completion of the visit.
PCI Compliance REQUIREMENT 9.5
“Physically secure all media.”
Physical security in OnRamp’s data centers is arranged in “security envelopes” with all critical areas including data halls, NOCs and critical systems, accessed only by two-factor authentication.
PCI Compliance REQUIREMENT 9.6
“Maintain strict control over the internal or external distribution of any kind of media.”
OnRamp tracks all internal media as well as any media that is sent offsite to secure backup facilities.
PCI Compliance REQUIREMENT 9.7
“Maintain strict control over the storage and accessibility of media.”
OnRamp has a data center infrastructure management system to identify and classify all media inside of our facilities.
PCI Compliance REQUIREMENT 9.8
“Destroy media when it is no longer needed for business or legal reasons.”
OnRamp maintains a Systems Development Life Cycle process that governs the acquisition, deployment, maintenance and disposal of equipment exposed to sensitive data. We enforce a strict Media Sanitization Policy that is compliant with NIST standards for appropriately rendering storage media unreadable and unrecoverable.
PCI Compliance REQUIREMENT 9.10
“Ensure that security policies and operational procedures for restricting physical access to cardholder data are documented, in use, and known to all affected parties.”
OnRamp maintains documented policies and procedures for interaction with sensitive data and regularly trains all personnel on the procedures to notify customers in the event a security breach occurs with their infrastructure.