Onehouse Achieves PCI Compliance Certification

Onehouse is proud to announce that we have achieved Payment Card Industry Data Security Standard (PCI DSS) certification. This achievement, conducted by Accorian, represents another step in our ability to serve the full range of data-driven use cases and customers.

This new credential, widely described as simply “PCI certification,” is the gold standard for protection of customer information. It is often required of companies that supply services or software to financial services companies, as well as other organizations that deal with sensitive data. PCI certification attests that Onehouse has robust technical, operational, and physical security controls for sensitive data.

Why PCI DSS Certification?

PCI certification is often required for companies that handle sensitive customer data, such as bank account, credit card, name and address, and other personally identifiable information (PII). PCI certification is designed to reduce the risk of data breaches and fraud, ensuring that customer data is well-protected.

As the PCI Security Standards Council says, “PCI SSC standards and resources help protect the people, processes, and technologies across the payment ecosystem to help secure payments worldwide.”

And PCI certification is not simply about achievements at a specific point in time. It includes a demonstrated commitment to education around security topics and continuous improvement in the promulgation and implementation of relevant security standards and practices.

PCI and the Big Picture

PCI certification is not a standalone achievement for Onehouse. Data security is part of the core value proposition that Onehouse offers. Our commitment to security also includes:

• Secure data storage. The Universal Data Lakehouse is built around a secure architecture that allows users to keep data secure in their virtual private cloud (VPC) account, with a single copy of data serving multiple use cases, and without the need to copy data tables to a vendor’s infrastructure.
• Data isolation. Onehouse does not access nor copy user data. The Onehouse managed service simply manages metadata relating to user data tables, so data belonging to Onehouse customers is not exposed.
• Strict permissions management. Onehouse functionality includes a robust implementation of role-based access control (RBAC), allowing granular control for each individual data lake. RBAC is supported by audit logs for verification and auditability of the effectiveness of security controls.
• SOC 2 Type II certification. Last year, Onehouse achieved the System and Organization Controls 2 (SOC 2) Type II certification, meeting the standards of a widely used cybersecurity framework developed by the American Institute of Certified Public Accountants (AICPA). 

Within this robust commitment to security at all levels, PCI certification ensures that the data management practices used by Onehouse meet the highest standards. For more information on all of the above, see our Secure Architecture Solutions page.

Next Steps

Onehouse empowers customers to create fast, open, simple, secure data architecture that meets the highest standards. If you are interested in achieving the benefits of the Onehouse managed service for yourself, sign up to try Onehouse for free. And if you would like copies of our SOC I2 Type 2 or PCI DSS certificates, email us. 

‍