ZNDC gains a competitive edge with PCI compliance certification from Galix
Obtaining international best practice certification from global authorities provides an assurance for customers that the ZNDC follows stringent security procedures.
The Zambia National Data Centre (ZNDC) is a dedicated data centre wholly owned by the government of Zambia and is one of the companies under the Industrial Development Corporation (IDC). The IDC is the business management arm of the Zambian government.
The ZNDC delivers a variety of secure, reliable and affordable solutions to customers from three dedicated and geographically separated sites within Zambia. These include cloud services, co-location, backup and storage, domain registration, Web sites and Web application hosting. In a bid to simplify compliance for customers running e-commerce and payment processing, the ZNDC took the decision to obtain Payment Card Industry Data Security Standard (PCI DSS) certification. As a result, it turned to Galix to deliver on the audit process.
Why PCI DSS?
Zeko Mbumwae, General Manager of the ZNDC, says: “We have been offering cloud and co-location services for the past three years and have a number of e-commerce merchants utilising our cloud platform. Obtaining international best practice certifications from global authorities is part of our strategic objectives, to add a layer of trust and confidence for our customers.
“The PCI DSS certification is a key requirement for our clients in the financial services sector in order to guarantee security assurance and protection of cardholder data for all transactions.”
Security is one of the chief concerns for many organisations looking to adopt cloud and shared services models. The PCI DSS standard provides an assurance for customers that the data centre follows stringent security procedures and processes.
“Our journey towards PCI DSS certification needed to be completed within a quarter. We were looking for an agile, dedicated and responsive company to meet the tight deadline we had set for ourselves. Galix was the ideal partner to help us achieve this as they are based within our region, are extremely organised and deadline-driven, and were able to meet all of our requirements within the deadline,” Mbumwae adds.
The PCI audit process
Galix began the audit process towards the end of February 2019, and the first site visit was held in March. The audit process consists of five phases: a pre-assessment, gap analysis and remediation, vulnerability scans and penetration testing, validation assessment and compliance, and then ensuring compliance is maintained.
The project was completed within three months of the original site visit and included two additional visits to ensure that the process was running smoothly. In May 2019, the ZNDC was certified as PCI DSS compliant.
Says Simeon Tassev, Managing Director and Qualified Security Assessor at Galix: “Although the data centre had a deadline to comply with PCI DSS in a quarter, we managed to assist the ZNDC to achieve compliance in a very short space of time. This is testament to the knowledge and dedication of the team at the ZNDC who were committed to the process from start to finish.
“The ZNDC is now the only PCI DSS certified data centre in Zambia, which certainly gives them a competitive edge and differentiator. Their clients now have the assurance that their systems and data are protected according to global best practice standards.”
A competitive advantage
By achieving PCI DSS compliance, the ZNDC removes a layer of cost and complexity for customers running e-commerce applications or processing payments. It also allows the ZNDC’s merchants to deliver secure, reliable and available services to their customers.
Tassev further explains that this, in turn, facilitates digital transformation and innovation, ultimately fostering development within the Zambian e-commerce industry.
“Beyond the trust and confidence that our clients and customers now have in us, PCI compliance helps us to benchmark and set standards for our security processes. It serves as a guiding principle to ensure that the way we manage our business and processes always has security top of mind and provides independent assurance that they meet the global standards as stipulated by the PCI Council,” Mbumwae concludes.