International Data Group estimates that over 70% of the critical data that small to medium-sized businesses use every day, including e-mail and attachments, contacts, patient and customer records, and business documents, is now stored on a PC.
Stafford Tech Center in Setauket Houses PCI DSS, SAS 70 & SSAE 16 Compliant Data Center
Major credit card companies have made it mandatory for merchants and credit card processors to meet the strict network security rules that went into effect in 2005. Compliance with these rules has not been widespread and, because of the recent breaches in security, credit card companies are cracking down, imposing large fines and preventing some large-volume companies from processing credit cards at all until these new security rules have been met.
Stafford Associates is in the process of becoming PCI Certified (Payment Card Industry Data Security Standard). We hope to become the first PCI Certified Company in the Tri-State/Metropolitan area. PCI Certification will enable us to host credit card data from companies that are not currently certified.
What is PCI DSS?
Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security practices set forth by American Express, Discover, Japan Central Bank, MasterCard, and VISA to protect cardholder data. It is an industry-established policy requiring compliance by all merchants and service providers that store, process, or transmit cardholder data.
Separate and distinct from the mandate to comply with the PCI Data Security Standard is the validation of compliance whereby service providers like Stafford Associates verify and demonstrate their compliance status. It is a fundamental and critical function that identifies and corrects vulnerabilities, and protects customers by ensuring that appropriate levels of cardholder information security are maintained.
When our new facility is completed, Stafford Associates will be proud to offer a fully compliant, state-of-the-art PCI Data Center that meets or exceeds the PCI Data Security Standards.
SAS 70 Type II Compliant Data Center
Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
SSAE 16 Compliant Data Center
Statement on Standards for Attestation Engagements (SSAE) No. 16, known as SSAE 16, has been put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). Its purpose was to replace the aging SAS 70 standard and, more importantly, to provide a standard that would keep pace with the ever-growing push for more globally accepted international accounting standards.
Compared with SAS 70, SSAE 16 can be seen as a natural evolution of the dated standard and a transition of power from one governing accounting principle authority to another. SSAE 16 introduces new ideas, requirements, and a fresh approach to compliance reporting on controls at service organizations and the responsibilities of the service organization being audited.
The Stafford Associates data center, located in Setauket, New York, has been confirmed by an independent auditor to meet both SAS 70 Type II compliancy standards as well as the newly established SSAE 16 compliancy standards. By devoting substantial time and resources to SAS 70 compliance, our data center meets the highest standards in guaranteeing the safety and security of your information technology.
Call 631 962 2890 or 631 962 2891 for more information.