PCI compliance

PCI DSS requires only self-assessment, based on criteria established by the PCI (Payment Card Industry).

PCI does not apply to Workplace, as we are not a payment card processing entity; however, it may apply to our customers.

We have done an assessment of the Workplace service and meet the following as a service provider:

  • Application Traffic Firewall
    (Requirement 6.6)
  • Dual Factor Authentication for VPNs and Client Center
    (Requirement 8.3)
  • Log Monitoring and Review
    (Requirements 10.1, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6, 10.2.7, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, 10.3.6, 10.5.1, 10.5.2, 10.5.3, 10.5.4, 10.6, 10.7)
  • File Integrity Monitoring
    (Requirements 10.5.5, 11.5)
  • Intrusion Detection/Prevention System
    (Requirement 11.4)
  • Vulnerability Scanning
    (Requirements 11.2.1, 11.2.2, 11.2.3)
  • Managed Firewall with VPN
    (Requirements 1.1.3, 1.2.1, 1.2.3, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 2.3, 4.1)