Ory is now PCI DSS Compliant: What It Means for You

Ory has achieved PCI DSS (Payment Card Industry Data Security Standard) compliance, specifically the PCI DSS SAQ D for Service Providers, which enhances the company's identity and access management (IAM) capabilities by ensuring its infrastructure meets rigorous security standards. This compliance milestone, assessed by BARR Advisory, underscores Ory's dedication to providing secure and compliant services, allowing customers to benefit from reduced audit friction and strengthened security measures such as advanced encryption, strict access control, and continuous monitoring. CEO Jeff Kukowski emphasizes that this achievement reflects Ory's commitment to operational excellence and assures customers of the platform's capability to secure identities at scale, thereby aiding organizations in building secure and compliant identity experiences. Although Ory does not store or process financial cardholder data, the compliance is crucial for customers who need to maintain their own PCI DSS compliance, as it simplifies auditing processes and provides assurance of robust security controls. Ory encourages enterprise customers to request access to its Attestation of Compliance through their account manager or the Ory Trust Center, highlighting its transparency in security practices.