Guidewire Software, Inc. (NYSE: GWRE), provider of the industry platform Property and Casualty (P&C) insurers rely upon, today announced it has, for the third consecutive year, successfully completed a passing Payment Card Industry Report of Compliance (PCI ROC), demonstrating its compliance with the PCI DSS* (Data Security Standard) for Guidewire InsurancePlatform™ products hosted via Guidewire Cloud™, the company’s cloud environment. Additionally, the company announced that it is now a globally compliant Third-Party Agent** with VISA, demonstrating an extra level of commitment to protecting the financial data of its customers and their policyholders.
“Data security remains a top area of concern for insurers when moving their mission-critical systems to the cloud,” said Karen Furtado, Partner, Strategy Meets Action. “Guidewire is taking significant steps to ensure that its customers and their policyholder data is protected in its cloud environment which will help allay these concerns.”
“We are doing the hard work needed to assure our customers that their policyholder credit card transactions are secure as they move to Guidewire Cloud,” said Kirk Sanford, chief information security officer (CISO), Guidewire. “We believe we are the only insurance industry platform provider to have secured this level of compliance accreditation which should help give our customers confidence in our Guidewire Cloud environment running on Amazon Web Services (AWS).”
“Completing a PCI ROC and obtaining a PCI AOC (Attestation of Compliance) demonstrates the commitment Guidewire is making towards ensuring that the financial data we manage on behalf of our customers in Guidewire Cloud remains secure,” said Oleg Ganopolskiy, group vice president, Cloud Operations and Support, Guidewire. “Our VISA TPA registration is an added layer of security for our customers.”
* PCI DSS, PCI ROC – The Payment Card Industry Security Standards Council (PCI SSC), comprised of the five major credit card networks, created the PCI Data Security Standard (PCI DSS) to improve the security of cardholder information and to facilitate global consistency in data security standards. The PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. It consists of 12 categories of requirements and testing procedures to ensure that these requirements are met. To validate that a cloud service is compliant with the PCI DSS, service vendors can complete a PCI Self-Assessment Questionnaire (SAQ) or, to provide independent validation, they can hire a third-party Qualified Security Assessor (QSA) to produce a Report of Compliance (ROC). Guidewire has done the latter.
** Registered VISA Third Party Agent - All service providers who have access to cardholder data must comply with the required data security requirements prior to beginning services and must be registered in the VISA Agent Registration Program for inclusion on the Visa Global Registry of Service Providers. PCI DSS compliance validation is required every 12 months for all Level 1 and Level 2 service providers.
Guidewire has previously announced its successful completion of independent SOC 1 and SOC 2 Type 2 compliance audits for Guidewire InsurancePlatform™ products hosted via Guidewire Cloud™, the company’s cloud environment. Additional Guidewire viewpoint on the data security topic can be accessed here.