The Zambia National Data Centre (ZNDC) is a dedicated data centre wholly owned by the Government of Zambia and is one of the companies under the Industrial Development Corporation (IDC).the IDC is the business management arm of the Zambian government. ZNDC delivers a variety of secure, reliable and affordable solutions to customers from three dedicated and geographically separated sites within Zambia. These include cloud services, co-location, backup and storage, domain registration, websites and web application hosting. In a bid to simplify compliance for customers running eCommerce and payment processing, the ZNDC took the decision to obtain Payment Card Industry Data Security Standard (PCI DSS) certification. As a result, they turned to Galix to deliver on the audit process.
Why PCI DSS?
Zeko Mbumwae, General Manager of ZNDC says, “We have been offering cloud and co-location services for the past three years and have a number of eCommerce merchants utilising our cloud platform. Obtaining international best practice certifications from global authorities is part of our strategic objectives, to add a layer of trust and confidence for our customers. The PCI DSS certification is a key requirement for our clients in the financial services sector in order to guarantee security assurance and protection of cardholder data for all transactions.”
Security is one of the chief concerns for many organisations looking to adopt cloud and shared services models. The PCI DSS standard provides an assurance for customers that the data centre follows stringent security procedures and processes.
“Our journey towards PCI DSS certification needed to be completed within a quarter. We were looking for an agile, dedicated and responsive company to meet the tight deadline we had set for ourselves. Galix was the ideal partner to help us achieve this as they are based within our region, are extremely organised and deadline-driven, and were able to meet all of our requirements within the deadline,” Mbumwae adds.
The PCI audit process
Galix began the audit process towards the end of February 2019 and the first site visit was held in March. The audit process consists of five phases: a pre-assessment, gap analysis and remediation, vulnerability scans and penetration testing, validation assessment and compliance, and then ensuring compliance is maintained. The project was completed within three months of the original site visit and included two additional visits to ensure the process was running smoothly. In May 2019 ZNDC was certified as PCI DSS compliant.
Says Simeon Tassev, Managing Director and Qualified Security Assessor at Galix, “Although the data centre had a deadline to comply with PCI DSS in a quarter, we managed to assist ZNDC to achieve compliance in a very short space of time. This is testament to the knowledge and dedication of the team at ZNDC who were committed to the process from start to finish. ZNDC is now the only PCI DSS certified data centre in Zambia, which certainly gives them a competitive edge and differentiator. Their clients now have assurance that their systems and data are protected according to global best practice standards.”
A competitive advantage
By achieving PCI DSS compliance, the ZNDC removes a layer of cost and complexity for customers running eCommerce applications or processing payments. It also allows ZNDC’s merchants to deliver secure, reliable and available services to their customers.
Tassev further explains that this in turn facilitates digital transformation and innovation, ultimately fostering development within the Zambian eCommerce industry.
“Beyond the trust and confidence that our clients and customers now have in us, PCI compliance helps us to benchmark and set standards for our security processes. It serves as a guiding principle to ensure that the way we manage our business and processes always has security top of mind and provides independent assurance that they meet the global standards as stipulated by the PCI Council,” Mbumwae concludes.