Unlike SSAE16/SAS70 certification for our datacenters and physical infrastructure which are valuable and substantive, PCI Compliance is total bullshit and everybody knows it.
But you can't fight city hall.
So, we do in fact update our PCI compliance quarterly and are happy to provide overall and site-specific PCI Compliance documentation to fulfill any aspect of your due diligence or reporting requirements.
We know it's not your fault and we'll help you get your job done.
This Reminds Me of a Funny Story ...
The rsync.net platform is so simple and stripped of extra functions that our first PCI scan vendor, in 2006, could not actually verify that we were up and running.
That's right - we offered so little attack surface for their scans that they (incorrectly) assumed we were offline.
In 2015, our platform only answers on port 22 with OpenSSH. That's it.
Asking if rsync.net is PCI Compliant is like asking if an army tank has a front bumper.
Oh yeah, the reports.
The 2015 PCI compliance report for the (combined) rsync.net mail and www server, from Comodo (yeah, I know) is here.
Here is an example PCI compliance report for one of our storage arrays - in this case, in our Denver location - usw-s007.rsync.net.
When you become a customer and choose an rsync.net location we will provide you with a PCI report specifically generated for your location as well as the SAS70/SSAE16 compliance reports (US locations only).
We also welcome site visits and inspections of our facilities from prospective customers.
You, or your CEO, may find our CEO Page useful.
Contact firstname.lastname@example.org for more information, and answers to your questions.