SECURITY AND COMPLIANCE


Security

Overview

We're committed to ensuring the security of our infrastructure and our users' data. Our information security program is based on ISO/IEC 27002 guidelines and has been refined and updated across our more than 20-year history of providing shared, dedicated, and virtual server products to tens of thousands of clients globally.

Physical Security

Each of the data center providers we colocate our equipment with enforces multiple layers of physical security via a variety of technological and human measures. Beyond that, all of our equipment is housed in video-monitored and locked cages and/or cabinets.

OS Controls

We maintain full, strict control over root/sudo access to both our physical servers and client virtual machines. This allows us to fully control the use of IP address ranges, network interfaces, and active/available ports via managed firewall rules, as well as all installed services running on a given client's virtual machines.

OS Security and Patching

Our virtualization platform utilizes LXD, Ubuntu/Canonical’s pure-container hypervisor, to provide our clients bare-metal performance along with precise quality-of-service and resource quotas. While keeping things fast and quickly scalable, LXD more importantly treats security as the most important factor, using full logical container isolation by default. This is all backed by full commercial support and updates via Ubuntu Advantage for Servers - Advanced, and by host patch management using the Ubuntu Landscape tool to track and deploy OS updates and security patches across our servers quickly and efficiently.

Customer Requested Security Audits or Surveys

We only provide responses to such requests if the account requesting the audit/survey is a Custom Hosting Solution equal to or greater than $2500/month ($30k yearly) on a Yearly contract. A standalone per-request fee of $3000 is also available and must be paid in advance of our completion of the audit/survey. Please be aware that our services are all provided "AS IS" under our Terms of Service and cannot be guaranteed to fit your specific project needs.

PCI Compliance

Is Arcustech PCI DSS Compliant?

Yes, your credit card data is secure. We manage all subscription and invoicing services using PCI DSS Level 1 Compliant services from Chargify and our credit card payment gateway provider Stripe, also a PCI DSS Level 1 Compliant service.

Can my website become PCI DSS Compliant on Arcustech?

Yes, you can be PCI DSS Compliant via two options. By offloading your e-commerce to compliant service providers, you prevent payment data from ever passing through your website.

Alternatively, if you are passing any credit card data through your website on the way to a payment gateway, you will need to follow PCI Security Standards, including using a certified PCI audit/scanning company to verify that your website adheres to those standards.

If there are ever any questions about a PCI report against your servers on Arcustech, our support and technical teams will be happy to assist with server-side questions or concerns found in the PCI scan.


Copyright 2012-2024 Arcustech, LLC. All rights reserved. MSP
