InstaSafe | Does the ISA Solution have PCI DSS Compliance?

Does the ISA Solution have PCI DSS Compliance?

ISA Solution Overview

InstaSafe Secure Access (ISA) is a Zero-Trust, identity-centric remote access solution based on the principles of Software Defined Perimeter (SDP). Every device must be pre-attested before it can ‘connect’ to the network, after which the identity of the user is verified using MFA, so it is known exactly which device was used, by whom, to access which application. Application access is based on a need-to-know model: users are able to ‘see’ and ‘access’ only the data that they have prior approval to see or access. Admins can grant a user specific access depending on the role of the user in the organization. This is in stark contrast to traditional access solutions, which typically suffer from over-provisioning by providing complete network access.
  1. SDP is the stealth technology for IT security, making workloads and network resources invisible to everyone and drastically reducing the attack surface
  2. Only authenticated users and authorized devices are able to 'see' and access applications, based on the principle of least privilege
  3. Application access no longer requires access to the network
  4. Zero Trust adopts a “verify and never trust” approach before delivering application access
  5. Application segmentation, without network segmentation, connects users only to allowed apps, limiting lateral movement
  6. Granular role-based access policies, with the entire solution deployed in a matter of minutes

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that companies that accept, process, store or transmit credit card information maintain a secure environment. PCI DSS prescribes minimum requirements for the payment card industry, with a focus on improving customer account safety throughout the transaction process.

For whom is PCI DSS required?

PCI DSS compliance is specific to the payment processing industry. It applies to any organization that accepts, transmits or stores any cardholder data.

Does the ISA Solution require PCI DSS Compliance?

The ISA Solution does not accept or store any payment-related information, and thus the services provided by InstaSafe do not fall under the scope of PCI DSS compliance. Furthermore, InstaSafe does not handle any client data: all information passing through the ISA servers is end-to-end encrypted and hence inaccessible even to InstaSafe. The ISA Solution also employs a multi-tenant architecture, which ensures that the traffic and data of every customer are logically isolated from those of the others.

Even though PCI DSS compliance is not a requirement for InstaSafe, security provisions in line with the PCI DSS standard are maintained:
  1. All data, including backups, is stored within a secure network with stringent access control rules
  2. All access to data requires multiple authentication checks to be passed
  3. All stored data and all data passing through ISA servers is encrypted
  4. InstaSafe follows a rigorous vulnerability management process comprising automated as well as manual scanning, with no compromise on security
  5. The vulnerability management process is ingrained in the SDLC, and any detected vulnerability is resolved as soon as it is flagged
  6. The entire infrastructure is constantly monitored

If you are an Admin of your organization's ISA account and have any queries in this regard, contact InstaSafe Support.