Elastic is happy to announce Payment Card Industry Data Security Standard (PCI DSS) compliance for Elastic Cloud. You can now use Elastic Cloud services for cardholder data storage in a PCI-compliant manner across all Elastic Cloud regions.
PCI DSS outlines a set of security standards for organizations that accept, transmit, or store cardholder data. Providers must maintain a vulnerability management program, implement strong access controls, regularly monitor and test networks, and follow other standards that cover technical and operational system components.
Elastic, in conjunction with a third-party auditor, completed a PCI Data Security Standards Level 1 Service Provider assessment and was found to be compliant by the PCI Security Standards Committee’s Cloud Computing Guidelines. Elastic customers may request our PCI Responsibility Matrix, which details how compliance roles and responsibilities are shared between Elastic and its customers when working with PCI data.
Customers also have the option to request our PCI DSS Attestation of Compliance (AOC), an attestation completed by a Qualified Security Assessor (QSA) that documents the evidence that Elastic upholds security best practices to protect cardholder data. Upon request, customers receive a copy of our Report on Compliance (ROC), detailing Elastic’s security posture, environment, systems, and protection of cardholder data.
Have an Elastic Cloud use case that requires PCI DSS compliance? Contact your Account Executive to request these documents and bring the power of the Elastic Cloud platform to all your PCI data.