# Managed Service

Tieto offers EGW as a fully managed service, providing merchants and banks with a reliable, secure, and scalable payment infrastructure—without the overhead of managing underlying systems.

## Who it suits

Organizations that want to minimize overhead, leverage instant scalability, and offload technical complexities. This model is ideal for organizations seeking rapid deployment, continuous compliance, and a hassle-free payment solution that requires minimal in-house management.

## Key Characteristics of Managed Service Deployment

* Hosted in the EU Region - EGW is deployed within secure public cloud infrastructure located in the European Union, ensuring full adherence to European data protection regulations.
* End-to-End Management - Tietoevry handles all aspects of solution hosting, including infrastructure, updates, monitoring, backups, and compliance.
* Zero Infrastructure Footprint - No setup or maintenance responsibilities for the solution owner (e.g. acquiring bank); Tietoevry takes care of everything.
* High Availability and Performance - Built on resilient infrastructure with geographic redundancy and SLA-backed uptime guarantees.
* Effortless Scalability - Scale up as needed without worrying about performance or capacity planning.
* Continuous Platform Improvements - New features, regulatory updates, and enhancements are deployed regularly with minimal disruption.

## PCI DSS Compliance of the EGW Solution

The E-Commerce Payment Gateway (EGW) is fully PCI DSS compliant, ensuring that all cardholder data is processed, transmitted, and stored in a secure and industry-compliant environment.

This compliance applies across all deployment models, whether Managed Service or On-Premises, and reflects Tietoevry’s commitment to maintaining the highest level of payment security and trust.

### Scope of PCI DSS Compliance

EGW’s compliance covers:

* Card Data Transmission and Processing - All card payment data handled by EGW is encrypted and processed within PCI DSS-certified infrastructure.
* Tokenization and Sensitive Data Protection - EGW supports merchant tokenization and does not store raw cardholder data. All sensitive data is tokenized and encrypted in transit and at rest.
* Secure Interfaces and APIs - EGW APIs follow PCI DSS security requirements for authentication, encryption, access control, and audit logging.
* Certified Hosting Environment - The managed service version of EGW is hosted in PCI DSS-certified public cloud data centers located in the European Union.
* Operational Security Controls, including:

  * Role-based access management
  * Strong authentication mechanisms
  * Logging and audit trails
  * Regular penetration testing and vulnerability scanning

## Audits and Certification

* EGW undergoes annual PCI DSS audits conducted by a Qualified Security Assessor (QSA).
* The solution is listed on Visa/Mastercard’s list of validated service providers (upon request).
* Documentation such as the Attestation of Compliance (AOC) and Responsibility Matrix is available to solution owners (e.g. acquiring banks) under NDA.
