System Architecture: Describe the overall application architecture, including applicable diagrams. Include a full description of the data communications architecture for all components of the system. Describe the recommended network security architecture for implementation of the system components. Include diagrams that expose any requirements for external security devices such as firewalls. Describe encryption technology employed for transmitting sensitive information over a TCP/IP network from user workstations to the server, and to customers. Describe all web-enabled features and functionality of the system. Describe all communication protocols used by the system. Describe your key management specifications, process, and procedures. Who has access to encryption keys? Credit Card Processing: Include documentation describing the systems’ ability to comply with Payment Card Industry Data Security Standards (PCI-DSS), and any features or capabilities of the system that must be added, enabled, disabled, or changed in order for the system to operate in compliance with the PCI-DSS standards. Has the software been validated as a PCI compliant payment application (“PAPB” certified)?
