January 22, 2014 - Ipswitch File Transfer's MOVEit Cloud environment is now certified for compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) 2.0 requirements for Level 1 Service Providers. Ipswitch is the first Managed File Transfer (MFT) service provider to announce PCI certification. To support customers in demonstrating PCI compliance, Ipswitch is offering a PCI Compliance Toolkit as an add-on to the MOVEit Cloud service.

MOVEit Cloud Now PCI Certified

Companies that store, process or transmit sensitive cardholder data can incorporate Ipswitch’s PCI Report on Compliance (RoC) for the MOVEit Cloud service in their third party compliance assessments. Relying on MOVEit Cloud and its RoC will help organizations reduce the cost and time associated with achieving PCI compliance by drastically reducing the scope of annual audits. Companies not required to comply with PCI DSS can also take comfort in the independently validated, industry leading security standards and processes protecting their data.

Ipswitch’s Level 1 Service Provider certification covers 100 percent of the requirements for PCI DSS 2.0 and offers the following benefits:

• Proven, compliant and vigilant security that supports secure managed file transfer needs and lowers risks of exposure.
• Reduced time and resources needed to achieve and maintain PCI compliance.
• Packaged PCI-Certified Environment that includes documentation and best practices for a streamlined approach to achieving and maintaining PCI compliance.

PCI Compliance Toolkit

Ipswitch is offering a PCI Compliance Toolkit as an annual purchase add on to MOVEit Cloud that includes all the tools customers need to demonstrate MOVEit Cloud’s PCI certification within the scope of their PCI assessment, performed by an independent QSA. The Toolkit includes:

• Additional terms and conditions for PCI, including breach notification: Customers can understand Ipswitch’s commitment to its MOVEit Cloud PCI certification and rely on notification of relevant incidents as described in the service agreement.
• Executive Summary of Report on Compliance (RoC): The RoC contains the MOVEit Cloud assessment results, as performed by an independent QSA, which is evidence of the MOVEit Cloud certification for a customer’s QSA.
• Responsibility Matrix of Controls: The Matrix of Controls is a line-by-line guide for MOVEit Cloud customers intent on demonstrating compliance, which tells them which controls they are responsible for, and which controls MOVEit Cloud is managing for them.
• MOVEit Cloud Compliance Report: Ipswitch offers a report that will capture information, from MOVEit Cloud logs and settings, needed to demonstrate compliance.
• Support in working with your Qualified Security Assessor: Ipswitch’s compliance team will provide counsel and support for customers with questions and best practices on demonstrating PCI compliance using MOVEit Cloud.

Executive Perspective

“PCI certification for MOVEit Cloud marks an industry first and further solidifies Ipswitch’s leadership position for developing and deploying secure MFT solutions,” said Steve Hess, vice president of Product Management, Ipswitch File Transfer. “Security is infused in our DNA, and through the PCI Compliance Toolkit, we’ll be able to impart this expertise to our customers.”

“Ipswitch’s decision to make its cloud environment compliant with PCI DSS is an important move for the company, but also for the entire cloud delivery model,” noted Michael Osterman, principal analyst with Osterman Research. “By enabling PCI compliance in a leading cloud offering, particularly in the wake of recent revelations about more than 100 million cardholders’ information being compromised, retailers and others can be more confident about using the cloud to manage their sensitive data.”