Compliance standards

In road traffic and virtual traffic alike, uniform standards define clear rules that are essential for safety and security. This is why Airlock Suite meets all the main international compliance standards – from PCI DSS and OWASP to MAS.

General Data Protection Regulation (GDPR): More than just consent management!

Most people currently associate the GDPR (the EU's General Data Protection Regulation, which is scheduled to enter fully into force on 25 May 2018) with rules governing consent for the use of personal data and rights for data subjects, such as the ‘right to be forgotten’. Yet the GDPR also introduces obligations in respect of appropriate and state-of-the-art protection for personal data and implementation of the principle of data protection by design and by default. The necessary steps must therefore be taken to ensure compliance in this regard. Read our Whitepaper written by Martin Kuppinger to learn more.

Meeting PSD2 Challenges!

PSD2 will require two major technology thrusts: exposing and securing APIs for banking functions, and presenting strong authentication options for financial customers. Banks have to open up many of their core banking functions to enable the PSD2 ecosystem, where Third Party Providers (TPPs) can directly initiate payment transfers and aggregate account information. Banks, TPPs, or even other FinTechs must present strong, risk-adaptive authentication methods for financial customers to use. Moreover, PSD2 even mandates the use of transactional and session-level runtime risk assessments. Few banks and FinTechs are in a position today to meet these technical requirements. Read our Whitepaper "Meeting PSD2 Challenges!" written by John Tolbert, Senior Analyst at KuppingerCole, or watch the recorded webinar.

Payment Card Industry Data Security Standard (PCI DSS)

Companies that process credit card transactions are obliged to comply with the credit card industry's data protection guidelines. Large eCommerce companies should also have the security of their networks verified by an external body every three months. The most efficient way of meeting these requirements is to implement the upstream Airlock web application firewall (WAF). It ensures that protection is always fully up to date, with no need for constant changes to all your web applications or adaptations to counter new threats. Read our whitepaper about PCI DSS compliance.

EBA Guidelines to strengthen requirements for the security of internet payments across the EU

The European Banking Authority issued guidelines to strengthen requirements for the security of internet payments across the EU. Concerned about the increase in fraud related to internet payments, the EBA decided that the implementation of a more secure framework for internet payments across the EU was needed. These Guidelines are based on the technical work carried out by the European Forum on the Security of Retail Payments (SecuRe Pay). With the Airlock Suite you get the central policy enforcement tool needed to fulfill the policy requirements.


The Open Web Application Security Project (OWASP) regularly draws up a list of the major international security challenges.
The focus here is on tools and concepts for secure development, and on protecting web applications. The Airlock team constantly monitors this information and incorporates it into Airlock Suite by issuing software updates. Read more in our whitepaper about the OWASP Top 10.

Monetary Authority of Singapore (MAS)

The data protection guidelines of the Monetary Authority of Singapore (MAS) are highly important in the world of international finance. For this reason, Airlock WAF and IAM are entirely compliant with the MAS guidelines, and they protect sensitive data with the help of HSM and end-to-end encryption.


The Airlock Suite is the first security vendor outside the antivirus industry to receive the EICAR certificate proving that it has no backdoors.

The EICAR Trustworthiness Strategy is to enhance transparency in the contemporary IT security environment, with its ever-evolving threats and vulnerabilities, and to enable trust in IT security products that help create a safer environment.

The Airlock Suite fulfills all those requirements.

