Entities that store, process, or transmit cardholder data must comply with PCI DSS (Payment Card Industry Data Security Standard). The standard was created to increase controls around cardholder data to reduce credit card fraud via its exposure. The standard focuses on information security policy, cardholder data security, access control, network security and monitoring, and organizational vulnerability management. The primary purpose of the reports is to provide clients and prospective clients (and their financial statement auditors) with confidence in the effectiveness of controls at an organization, as well as peace of mind in the operations and security of the facilities. The American Institute of Certified Public Accountants (AICPA) has developed these reports to allow organizations that provide services focused on information systems to convey trust and confidence in their service delivery processes and controls.
PCI DSS compliance attests that the receiving organization adheres to extremely rigorous standards. The reports, which were performed by an independent third party assurance and assessment organization, includes a description of Lumos Data Centers systems as well as the design and operating effectiveness of the controls.