“It's rare these days to deal with a business which has the core value, or even the mere veneer, of supporting the client; your values are represented by every employee of XMission I've had the pleasure of dealing with.”

- R.W.
  Murray, Utah

PCI Compliant

XMission is PCI DSS SAQ Certified

What is the PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) was developed by the PCI Security Standards Council many years ago to provide "an actionable framework for developing a robust account data security process - including preventing, detecting and reacting to security incidents." While the credit card industry outlines policies and procedures specifically intended to handle credit card security, the best practices required for compliancy extend well beyond keeping customer credit card data safe.

Why is XMission PCI Compliant?

Since XMission processes thousands of customer credit cards every month, we have been maintaining PCI compliancy for years. As a hosting and colocation provider, XMission is required to complete the most rigorous SAQ (Self-Assessment Questionnaire) validation, Type 5: SAQ v2 D.

Why does it matter?

The PCI Data Security Standard and supporting documents represent a common set of industry tools and measurements to help ensure the safe handling of sensitive information. To reduce the risk of compromise and mitigate its impacts if it does occur, it is important that all entities storing, processing, or transmitting cardholder data be compliant.

Post-mortem compromise analysis has shown common security weaknesses that are addressed by PCI DSS, but were not in place in the organizations when the compromises occurred. PCI DSS was designed with detailed requirements for exactly this reason: to minimize the chance of compromise and the effects if a compromise does occur.

What does this mean for XMission customers?

Note that while XMission's compliancy is likely essential for your colocated and hosted servers to earn compliancy, you must still complete your own PCI DSS SAQ if you process credit cards in our data center to satisfy the requirements of your merchant bank. Documents, including a copy of the SAQ, are available here.

For more information about PCI DSS, refer to the PCI Security Standards Council website.

Read XMission's security statement (0.5MB PDF).