Attenda Limited, the UK's leading IT Service Operations company, today announced that it is Payment Card Industry (PCI) Data Security Standard (DSS) compliant, meeting a comprehensive set of security requirements designed to protect cardholder information. PCI DSS certification at Level 1 Service Provider status builds on Attenda's ISO27001, ISO 20000, and ISO 9001 accreditation and continues to demonstrate Attenda's ability to secure critical environments for its clients.
Attenda provides a comprehensive set of managed services which can help clients to better meet their wider compliance requirements. The Attenda PCI service is underpinned by the ongoing investment in the Attenda M.O. platform that delivers the technology, processes and people to enable Attenda to manage the scale and complexity of 24x7 operations, delivering higher service levels and improved security for over 134 clients.
"PCI DSS has been a necessary diversion into security for Travelodge as a business over the last few years, with almost all of our bookings through our website. The Attenda compliance department have already worked with us as part of one team through accreditation against two generations of the standard, and their new PCI accreditation and continuing investment into Attenda M.O. gives us the confidence and ability to concentrate on our core business," says Allan Campbell, Head of IT Operations at Travelodge.
Attenda M.O., Attenda's industry defining technology automation platform (attenda.net), is the result of this shared set of expert resources, working to ITIL best practice and with world-class supporting tool sets. The approach to PCI DSS accreditation was to expand the security capabilities of the Attenda M.O. platform tools and extending the existing ISO 27001 security controls and ITIL based processes as a strategic investment across the business. This investment is shared across the client base, which includes many of Europe's leading companies, allowing clients to selectively outsource their IT operations to Attenda.
The PCI-DSS has been established to prevent criminals from being able to abuse the storage, transmission and processing of card data. The standard is obligatory for every company who processes credit card details, not just the major online retailers. Severe fines, penalties or increased processing charges can be imposed on companies that do not comply with the standard. Companies that cannot demonstrate that they meet the specified requirements can be held liable for losses resulting from fraud.
Commenting on its gaining PCI DSS validated service provider status, Paul Morris, VP Client Service Delivery, says "We are delighted to be able to offer PCI DSS managed services to complement our existing critical applications management portfolio. We aim to build on over 5 years experience of helping our clients achieve PCI compliance and will provide continual investment in our platforms and services, enabling our clients to easily gain and maintain compliance."