PCI DSS Compliance

Last Reviewed: November 2025
Next Review Due: November 2026

RELIANOID PCI DSS Compliance Statement

RELIANOID is committed to upholding the highest standards of security and data protection. While RELIANOID is not formally PCI DSS certified, our Load Balancer solution and all associated organizational operations — including support, development, and delivery — are aligned with the Payment Card Industry Data Security Standard (PCI DSS). This alignment applies to all deployment models (on-premises, cloud, and hybrid), as our software and operational processes are consistent across environments.

Scope of Applicability

The RELIANOID Load Balancer is engineered for secure traffic management, TLS termination, and network segmentation, making it suitable for operation within or alongside the Cardholder Data Environment (CDE). It can be deployed with segregated traffic, which is considered best practice for protecting cardholder data (CHD) and sensitive authentication data (SAD). RELIANOID handles only network transport and does not store or process CHD. Our solution is used across finance, e-commerce, healthcare, government, and other sectors where PCI DSS compliance is essential.

Alignment with PCI DSS Requirements

  • Requirement 1 – Network Security: Network segmentation, firewall integration, ACL enforcement, and support for IDS/IPS integrations to isolate CDE traffic.
  • Requirement 2 – System Configuration: Hardened default configurations and secure deployment templates, supported by documented change control processes.
  • Requirement 3 – Protect Stored Data: No persistent storage of CHD by the Load Balancer; sensitive data is processed only in transit.
  • Requirement 4 – Encryption in Transit: Strong TLS protocols (TLS 1.2/1.3) and PCI DSS-approved cipher suites to ensure secure transmission of sensitive data.
  • Requirement 6 – Secure Development: Secure coding practices, static analysis, manual code reviews, automated vulnerability scanning, and patch management (applied monthly or quarterly, depending on criticality).
  • Requirement 7 – Access Control: Role-based access control (RBAC) and least privilege enforcement, fully configurable and regularly reviewed as part of our Quarterly Security Compliance Report.
  • Requirement 10 – Logging & Monitoring: Comprehensive traffic and event logging, SIEM integration, and continuous monitoring of CDE-relevant events.
  • Requirement 11 – Testing: Weekly vulnerability scans and quarterly penetration testing with continuous improvement tracking.
  • Requirement 12 – Policy & Governance: Documented security, encryption, and incident response policies aligned with PCI DSS. All are available at the RELIANOID Security & Compliance Portal.

Governance & Risk Management

RELIANOID maintains strong governance practices aligned with PCI DSS through documented policies including Business Continuity & Disaster Recovery and Third-Party Risk Management. Vendor and supply chain risks are reviewed quarterly as part of our Quarterly Security Compliance Report, ensuring all providers meet equivalent security standards.

Data Security & Privacy

Our approach to sensitive information protection is defined in the Data Processing Agreement and Global Data Segregation & Privacy Policy. These address PCI DSS encryption, retention, and segregation requirements for protecting CHD and SAD.

Incident Response & Business Continuity

In the event of a security incident, RELIANOID follows its documented Incident Response Procedures to rapidly contain, assess, and remediate threats. For PCI DSS-relevant incidents, escalation and communication timelines are determined by criticality, ranging from 1 hour to 24 hours. Service availability is maintained according to our Service Level Agreement (SLA).

Document Reviews

Date | Comment
30th July 2025 | Document creation
4th November 2025 | Added detailed alignment scope for RELIANOID Load Balancer and organizational operations, deployment applicability, encryption and access control configurations, vulnerability and penetration testing schedules, vendor risk management process, and incident response timelines.

Contact and Assurance

We welcome requests for detailed security documentation, risk mapping matrices, or PCI DSS compliance disclosures.

Contact our Compliance & Security Team

Download Latest Security Report