We're committed to ensuring the security of our infrastructure and our users' data. Our information security program is based on ISO/IEC 27002 guidelines and has been refined and updated across our more than 20-year history of shared, dedicated, and virtual server products for tens of thousands of clients globally.
Each of the data center providers we colocate our equipment with enforces multiple layers of physical security via a variety of technological and human measures. Beyond that, all of our equipment is housed in video-monitored and locked cages and/or cabinets.
We maintain full, strict control over root/sudo access to both our physical servers and client virtual machines. This allows us to fully control the use of IP address ranges, network interfaces, and active/available ports via managed firewall rules and all installed services running on a given client's virtual machines.
Our virtualization platform utilizes LXD, Ubuntu/Canonical’s pure-container hypervisor, to provide our clients bare-metal performance along with precise quality-of-service and resource quotas. While keeping things fast and quickly scalable, LXD, more importantly, treats security as the most important factor, using full logical container isolation by default. This is all wrapped up with full commercial support and updates via Ubuntu Advantage for Servers - Advanced, and with host patch management using the Ubuntu Landscape tool to track and deploy OS updates and security patches across our servers quickly and efficiently.
We only provide responses to such requests if the account requesting the audit/survey is a Custom Hosting Solution equal to or greater than $2500/month ($30k yearly) on a Yearly contract. A standalone per-request fee of $3000 is also available and must be paid in advance of our completion of the audit/survey. Please be aware our services are all provided "AS IS" in our Terms of Service and cannot be guaranteed to fit your specific project needs.
Yes, your credit card data is secure. We manage all subscription and invoicing services using PCI DSS Level 1 Compliant services from Chargify and our credit card payment gateway provider Stripe, also a PCI DSS Level 1 Compliant service.
Yes, you can be PCI DSS Compliant via two options. By offloading your e-commerce to compliant service providers, you keep payment data from ever passing through your website.
Alternatively, if you are passing any credit card data through your website on the way to a payment gateway, you will need to follow PCI Security Standards, including using a certified PCI audit/scanning company to verify your website is holding to those standards.
If there are ever any questions about a PCI report against your servers on Arcustech, our support and technical teams will be happy to assist with server-side related questions or concerns found in the PCI scan.