The data centers of firstcolo (diva-e Datacenters GmbH) in Frankfurt am Main are certified by TÜV according to the norm ISO/IEC 27001:2013 and with multiple sites.
The main emphasis of the recertification was put to continuous adherence and further development of the Information Security Management System (ISMS) along firstcolo’s entire value chain. Key elements of the audit were both the business’ internal processes as well as the interfaces to customers and suppliers. The data center got a positive evaluation in terms of documentation and continuous development of the ISMS, the SOP’s (Standard Operation Procedures) and the BCM (Business Continuity Management) in all fields. All previously set KPI’s (Key Performance Indicators) in the areas of confidentiality, integrity and availability were either met or exceeded in both quality and quantity.
Tier 3 Data Center
The data centers in Frankfurt have also been certified by TÜV as “Certified Tier 3 Data Center”. The certification focuses on availability of information technology infrastructures and compliance with the legislation on data protection and fundamental IT security.
The different tiers provide information regarding availability, whereby tier 3 represents a “highly available data center 24×7”. In terms of infrastructure, the certification gives insight regarding the energy supply of the data center. Additionally, it provides information about the risk minimization via supporting technical systems and through connection to a highly efficient and reliable data network.
Furthermore, TÜV examined the operational management with focus on maintenance, fault clearance and servicing processes. The latter being necessary for an unrestricted operation of the technical infrastructure. Lastly, the requirements according to ISO/IEC 27001 were also examined within the scope of the IT security audit.
firstcolo has the globally recognized PCI-DSS (Payment Card Industry Data Security Standard) certification. The PCI-DSS certification guarantees security standards that are legally required for the processing and storage of credit card data. The PCI-DSS security standard is designed to protect online merchants and end customers from fraudulent attacks, credit card misuse and theft in payment transactions.
Strict security standards must be demonstrated in order to obtain PCI-DSS certification. In this context, the protection of online merchants and end customers always has top priority. Fraudulent attacks are not uncommon in card transactions in the financial sector – making it all the more important to have an IT infrastructure that meets even the highest security standards. This is the only way to ensure that transfers are processed appropriately and responsibly.
The validity of the PCI-DSS certification can be tracked online.