{"id":2021,"date":"2012-08-28T00:00:00","date_gmt":"2012-08-28T00:00:00","guid":{"rendered":"http:\/\/otava.test\/disaster-recovery-backup-with-pci-hosting-providers\/"},"modified":"2025-11-07T06:36:50","modified_gmt":"2025-11-07T06:36:50","slug":"disaster-recovery-backup-with-pci-hosting-providers","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/","title":{"rendered":"Disaster Recovery &#038; Backup with PCI Hosting Providers"},"content":{"rendered":"<p>I wrote about <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/\">PCI compliant hosting data storage<\/a> guidelines last week, and transparency with <a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/transparency-with-pci-hosting-providers-not-always-included\/\">PCI cloud hosting<\/a> providers in July, but not much focus has been placed on the PCI DSS standard 12.9.1 that requires organizations to create an incident response plan in the event of a system breach.<\/p>\n<p>As a PCI hosting provider, that translates into <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/data-protection\/cloud-backup\/\">offsite backup<\/a> and <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/data-protection\/disaster-recovery-as-a-service\">disaster recovery<\/a> as the complete incident response solution to ensure that data and applications are safe should any issues in availability or uptime arise. Some <a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/pci-compliant-cloud\/\">PCI hosting<\/a> providers will require you to set up, monitor, and maintain your own backups, so it\u2019s important to check their ability to fulfill the actual requirements while searching for a complete solution.<\/p>\n<p>What does the actual requirement entail? <strong>The PCI DSS incident response plan requires:<\/strong><\/p>\n<ul>\n<li>Roles, responsibilities, communication and contact strategies in the event of a system compromise, including:<\/li>\n<li>Specific incident response procedures<\/li>\n<li>Business recovery and continuity procedures<\/li>\n<li>Data backup processes<\/li>\n<li>Analysis of legal requirements for reporting compromises (for example, amount of time to notify, who to notify, state laws, industry laws, etc.)<\/li>\n<li>Coverage and responses of all critical system components<\/li>\n<li>Reference or inclusion of incident response procedures from the payment brands<\/li>\n<\/ul>\n<p>Creating an incident response team with designated responsibilities and roles, including a head Risk Management and Security Officer that will oversee incident response operations. Online Tech\u2019s Director of Operations also serves as our Risk Management and Security Officer, and all new and current employees have received security training per compliance requirements.<\/p>\n<p>[A complete disaster recovery and backup plan is also ideal for healthcare organizations that need to meet <a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/hipaa-compliant-cloud\/\">HIPAA compliance<\/a>. Read more about this in our <a href=\"https:\/\/www.onlinetech.com\/resources\/white-papers\/hipaa-compliant-data-centers\">HIPAA Compliant Hosting white paper<\/a>].<\/p>\n<p>Data at rest, including on portable digital media, backup media and in logs, must be encrypted, per PCI standard 3.4. Below is a diagram of Online Tech\u2019s offsite backup service which can be found in our <a href=\"https:\/\/web.otava.com\/pci-compliant-data-needs\">PCI Compliant Hosting white paper<\/a> that details other requirements you should expect your PCI hosting provider to provide:<\/p>\n<figure style=\"width: 590px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\" \" title=\"Offsite Backup\" src=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/offsitebackup.png\" alt=\"Offsite Backup\" width=\"590\" height=\"290\" \/><figcaption class=\"wp-caption-text\">Offsite Backup<\/figcaption><\/figure>\n<p><em><strong>Recommended Reading:<\/strong><\/em><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/incident-response-and-2012-cyber-threats-security\/\">Incident Response and 2012 Cyber Threats &amp; Security (Upcoming free webinar)<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/pci-compliant-hosting-data-storage-guidelines\/\">PCI Compliant Hosting: Data Storage Guidelines<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/pci-compliant-data-center-requirements\/\">PCI Compliant Data Center Requirements<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/transparency-with-pci-hosting-providers-not-always-included\/\">Transparency with PCI Hosting Providers: Not Always Included<\/a><\/p>\n<p>References:<br \/>\n<a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/pci_dss_v2.pdf\">PCI DSS Requirements and Security Assessment Procedures, Version 2.0<\/a> (PDF)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I wrote about PCI compliant hosting data storage guidelines last week, and transparency with PCI cloud hosting providers in July, but not much focus has been placed on the PCI DSS standard 12.9.1 that requires organizations to create an incident response plan in the event of a system breach. As a PCI hosting provider, that translates into offsite backup and disaster recovery as the complete incident response solution to ensure that data and applications are safe should any issues in availability or uptime arise. Some PCI hosting providers will require you to set up, monitor, and maintain your own backups, so it\u2019s important to check their ability to fulfill the actual requirements while searching for a complete solution. What does the actual requirement entail? The PCI DSS incident response plan requires: Roles, responsibilities, communication and contact strategies in the event of a system compromise, including: Specific incident response procedures Business recovery and continuity procedures Data backup processes Analysis of legal requirements for reporting compromises (for example, amount of time to notify, who to notify, state laws, industry laws, etc.) Coverage and responses of all critical system components Reference or inclusion of incident response procedures from the payment brands Creating an&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2021","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Disaster Recovery &amp; Backup with PCI Hosting Providers | OTAVA<\/title>\n<meta name=\"description\" content=\"Explore how disaster-recovery and backup solutions from PCI-hosting providers can improve your business resilience and compliance.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Disaster Recovery &amp; Backup with PCI Hosting Providers\" \/>\n<meta property=\"og:description\" content=\"Explore how disaster-recovery and backup solutions from PCI-hosting providers can improve your business resilience and compliance.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2012-08-28T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-07T06:36:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/offsitebackup.png\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Disaster Recovery &#038; Backup with PCI Hosting Providers\",\"datePublished\":\"2012-08-28T00:00:00+00:00\",\"dateModified\":\"2025-11-07T06:36:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/\"},\"wordCount\":390,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/offsitebackup.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/\",\"url\":\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/\",\"name\":\"Disaster Recovery & Backup with PCI Hosting Providers | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/offsitebackup.png\",\"datePublished\":\"2012-08-28T00:00:00+00:00\",\"dateModified\":\"2025-11-07T06:36:50+00:00\",\"description\":\"Explore how disaster-recovery and backup solutions from PCI-hosting providers can improve your business resilience and compliance.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#primaryimage\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/offsitebackup.png\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/offsitebackup.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Disaster Recovery &#038; Backup with PCI Hosting Providers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Disaster Recovery & Backup with PCI Hosting Providers | OTAVA","description":"Explore how disaster-recovery and backup solutions from PCI-hosting providers can improve your business resilience and compliance.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/","og_locale":"en_US","og_type":"article","og_title":"Disaster Recovery & Backup with PCI Hosting Providers","og_description":"Explore how disaster-recovery and backup solutions from PCI-hosting providers can improve your business resilience and compliance.","og_url":"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/","og_site_name":"OTAVA","article_published_time":"2012-08-28T00:00:00+00:00","article_modified_time":"2025-11-07T06:36:50+00:00","og_image":[{"url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/offsitebackup.png","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Disaster Recovery &#038; Backup with PCI Hosting Providers","datePublished":"2012-08-28T00:00:00+00:00","dateModified":"2025-11-07T06:36:50+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/"},"wordCount":390,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/offsitebackup.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/","url":"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/","name":"Disaster Recovery & Backup with PCI Hosting Providers | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/offsitebackup.png","datePublished":"2012-08-28T00:00:00+00:00","dateModified":"2025-11-07T06:36:50+00:00","description":"Explore how disaster-recovery and backup solutions from PCI-hosting providers can improve your business resilience and compliance.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#primaryimage","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/offsitebackup.png","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/offsitebackup.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/disaster-recovery-backup-with-pci-hosting-providers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Disaster Recovery &#038; Backup with PCI Hosting Providers"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2021","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2021"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2021\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2021"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2021"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}