PlanetScale Managed is now PCI compliant
PlanetScale Managed on AWS is now PCI compliant.
PlanetScale is committed to building the best database, and a significant part of that commitment is building in enterprise-grade security at every step along the way.
We are pleased to announce that PlanetScale Managed on AWS has been issued an Attestation of Compliance (AoC) and Report on Compliance (RoC), certifying our compliance with PCI DSS 4.0 as a Level 1 Service Provider. This enables PlanetScale Managed to be used via a shared responsibility model across merchants, acquirers, issuers, and other roles in storing and processing cardholder data.
What is the PCI Data Security Standard?
The Payment Card Industry Data Security Standard (PCI DSS) is a widely known set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. Version 4.0 is the latest iteration of the PCI DSS, bringing with it several key improvements around continuous monitoring, authentication and authorization, secure software development, and response to evolving threat landscapes.
In order to achieve compliance after sufficient security controls are in place, an entity must be audited by a qualified security assessor (QSA). PlanetScale Managed on AWS has completed this process and is compliant with Version 4.0 today, as 4.0 becomes the required version of the standard in early 2024.
PlanetScale’s compliance journey
This PCI milestone is the result of a months-long, cross-functional collaboration between our Security, Engineering, and Operations teams, resulting in the significant evolution of our policies, practices, and systems around authentication, logging, access management, and network security. It represents not only our heightened commitment to compliance, but also a tangible improvement to the core standards and procedures supporting our products.
Strengthening trust with customers
As we grow, so do the security and compliance needs and expectations of our customers, and we are continuously committed to showcasing security as a core tenet of both our culture and our products. While compliance and security are not one and the same, we consider our commitment to the PCI DSS another marker of trust between PlanetScale and our customers, enabling them to rely on PlanetScale as a trusted component in their increasingly complex data environments.
Learn more
Read more about our security and compliance programs in PlanetScale’s documentation, or contact us to learn more about getting started with PlanetScale Managed.