Total Marketing Concepts, Inc.

OpSource Achieves Level 1 PCI DSS Compliance

Achievement Demonstrates Compliance with Rigorous Payment Card Security Standards, Eases Compliance for On-Demand Companies


Santa Clara, CA -- (ReleaseWire) -- 02/21/2008 -- OpSource™, the SaaS delivery experts, has announced Level One compliance with the Payment Card Industry Data Security Standard (PCI DSS). Trustwave, a leading provider of information security and compliance management solutions to businesses and organizations throughout the world, performed the PCI DSS review.

PCI DSS is the payment card industry security standard for entities that process, transmit or store cardholder data, and has been endorsed by all the major card brands – Visa Inc., MasterCard Worldwide, Discover Network, American Express and JCB. The payment card brands require that on-demand applications that accept credit card information use PCI compliant service providers such as OpSource. Doing so assures the security of payment card information collected by companies who deliver their on-demand applications via the comprehensive, award-winning OpSource On-Demand™ Web application delivery platform.

Under the PCI DSS, payment service provider compliance requirements are segmented into different levels based on the number of transactions processed and/or transmitted annually. Through its Level One PCI DSS compliance validation, OpSource can support any on-line application, regardless of the volume of credit card information stored, processed, or transmitted. This level of compliance validation is required of any service provider supporting customers storing, processing, or transmitting an aggregate of greater than one million transactions or accounts per year.

In order to successfully comply with the Level One PCI DSS, merchants and service providers must demonstrate compliance with 12 requirements in categories such as building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program and maintaining an information security policy. As a Level One service provider, OpSource demonstrated its compliance by successfully undergoing a stringent, annual, on-site PCI data security review covering over 250 compliance points.

“OpSource’s Level One PCI DSS compliance was a critical factor in our choice of OpSource to deliver our application,” said Brian Kelly, CEO, Quaris. “Quaris wants to provide the most secure, on-demand analytics solution possible and thanks to OpSource, the scope of requirements that we needed to concern ourselves with in order to demonstrate compliance in our own PCI DSS assessment was greatly reduced. Many of the requirements were already covered under OpSource’s assessment, saving us a great deal of time, effort, and money. In addition, OpSource’s Level One compliance provides us, and in-turn our customers, with much greater security assurance than we would have experienced with a Level Three service provider that didn’t submit to an independent, on-site evaluation.” Quaris provides on-demand business intelligence solutions, which facilitates higher-value analytics at an absolute fraction of traditional business intelligence costs.

Ray Solnik, president and COO, OpSource, said, “Whether it’s infrastructure, 24x7 end user support, billing, customer on-boarding or regulatory compliance, our customers know we’ll go the extra mile to help them succeed. Ensuring that our customers’ sensitive data is protected is of paramount importance to us. Trustwave provided us with a detailed report that any OpSource customer, and their end users, may review to see the strength of our security measures. In addition, customers that have applications subject to other regulatory requirements such as the Health Insurance Portability and Accountability Act and Sarbanes-Oxley can take advantage of our secure environment to address those other requirements. OpSource On-Demand is also SAS 70 Type II audited, certified by and WebEx, and complies with the European Safe Harbor Privacy Principles. We are fast becoming a one-stop shop for SaaS companies that want to go-to-market quickly.”

A consortium of major payment card companies developed the PCI DSS to help organizations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. The payment card companies require acquiring banks to ensure that any company that processes, stores or transmits payment card data demonstrates PCI DSS compliance or risk losing its authorization to process credit card payments.

About OpSource On-Demand

A comprehensive, award-winning Web application delivery platform, OpSource On-Demand enables companies to quickly and securely offer applications on demand. OpSource On-Demand is the only complete platform for Web application delivery. Going beyond managed hosting, the OpSource On-Demand platform includes:

• Best-in-class scalable software, hardware and network infrastructure
• Application management and tuning
• 24x7 customer-branded end-user support
• 100 percent uptime guarantee for infrastructure and application
• Best practices: SAS 70 Type II audited, Level 1 PCI DSS compliant; AppExchange and WebEx certifications; European Safe Harbor; and Microsoft Gold Partner certified
• Services bus allowing easy integration of customer or third-party Web services that accelerate revenue generation
• Fully integrated PCI DSS compliant billing solution including customer on-boarding, pricing, payment and collections
• Application analytics that offer insight into the performance and usage of the on-demand application
• The industry’s only Success-Based PricingSM, a unit-based pricing model that allows businesses to begin with a modest minimum commitment and scale expenses as revenues increase

About OpSource
OpSource™ delivers Web applications and software-as-a-service for on-demand companies, with hundreds of applications, millions of users and billions of transactions supported daily. OpSource On-Demand, the leading platform for Web application delivery, is defining how Web-based software is delivered. By choosing OpSource as their Web application delivery partner, companies are freed from investing in and managing the complex and costly infrastructure and services necessary to deliver applications over the Web. They can instead focus their resources on developing, marketing and selling their applications and services. OpSource On-Demand is suitable for companies at any stage of growth, with any type of on-demand application. OpSource is the only company to offer Success-Based Pricing℠, a unit-based pricing model that allows businesses to begin with a modest minimum commitment and scale expenses as revenues increase.

Headquartered in Santa Clara, CA, OpSource has Web application delivery centers in Virginia, London and Bangalore. For more information about OpSource, visit

OpSource, OpSource On-Demand and the OpSource logo are trademarks of OpSource, Inc. Success-Based Pricing is a service mark of OpSource, Inc. All other trademarks and company names mentioned are protected by their respective owners.

For additional information, please contact:

Richard Dym
OpSource, Inc.

Jay Farlow
Total Marketing Concepts, Inc.