Pico Public Cloud

Trust & Compliance Center

Pico Public Cloud meets the highest standards of security, compliance, and operational excellence. All certifications are independently audited and current.

Certifications & Standards

PCI-DSS

Payment Card Industry Data Security Standard: a globally recognised security standard for organisations handling cardholder data. Our infrastructure is independently audited to meet all 12 PCI-DSS requirements, including encrypted transmission, access control, and regular network monitoring.

Safely process, store, and transmit credit card data on Pico Public Cloud without additional compliance overhead.

ISO 27001:2022

International standard for Information Security Management Systems (ISMS). Our ISMS covers risk assessment, security policies, asset management, access control, cryptography, physical security, and incident response: audited annually by an accredited certification body.

Your data is protected by a world-class information security framework that is continuously improved and independently verified.

ISO 27017:2015

International code of practice for information security controls based on ISO 27002 specifically for cloud services. It provides guidance on cloud-specific security responsibilities for both cloud service providers and customers, including data segregation, virtual environment security, and customer cloud governance.

Cloud-specific security controls that clearly define shared responsibility, giving you transparency on what we secure and what you manage.

ISO 22301:2019

International standard for Business Continuity Management Systems (BCMS). It ensures our organisation can maintain or rapidly resume critical operations during and after disruptions: whether from natural disasters, cyberattacks, or infrastructure failures.

Your workloads stay online through disruptions with tested disaster recovery and business continuity plans.

ISO 27005:2022

International standard for Information Security Risk Management. It provides a systematic framework for identifying, assessing, treating, and monitoring information security risks across our infrastructure, platforms, and processes.

Risks to your data and services are proactively identified and mitigated before they can impact your operations.

ISO 9001:2015

International standard for Quality Management Systems (QMS). It certifies that our processes for service delivery, customer support, incident management, and continuous improvement meet globally recognised quality benchmarks.

Consistent, reliable service quality with measurable processes and continuous improvement across all operations.

SOC 2 Type II

Service Organization Control report: a rigorous audit of our controls over security, availability, processing integrity, confidentiality, and privacy. The Type II report covers controls in operation over a minimum six-month period, tested by an independent CPA firm.

An independently verified assurance that our security controls are not just designed properly but operate effectively over time.

Bangladesh Bank Guidelines on Cloud Computing

Compliance with the Bangladesh Bank circular BRPD(B-1)/661/2016-1528 (March 2023) governing cloud computing adoption by financial institutions in Bangladesh. This includes data localisation, risk assessment, customer consent, and regulatory reporting requirements.

Financial institutions can adopt Pico Public Cloud with full confidence that our operations meet Bangladesh Bank regulatory requirements.

Bangladesh Bank Guideline on ICT Security

Adherence to the Bangladesh Bank ICT Security Guideline covering governance, risk management, network security, access control, data protection, vulnerability management, and incident response for financial institutions operating in Bangladesh.

Banks and financial services firms can meet their ICT security compliance obligations using Pico Public Cloud infrastructure.

SAP S/4HANA Certified Hardware

Our hardware is certified by SAP to run SAP S/4HANA and SAP NetWeaver workloads. This covers server, storage, and networking configurations that meet SAP's rigorous performance and availability standards.

Run SAP S/4HANA on certified hardware with guaranteed performance, stability, and full SAP support.

FIPS 140-2 Level 3

Federal Information Processing Standard: a US government standard for cryptographic modules. Level 3 requires physical tamper-resistance, identity-based authentication, and automated zeroisation of plaintext keys. Our HSM infrastructure meets this standard.

Protect sensitive cryptographic keys with hardware security modules that meet the highest government-grade security requirements.

Regulatory References

Bangladesh Bank guidelines governing cloud computing and ICT security for financial institutions in Bangladesh:

Data Center Regions

Kaliakair Region

Kaliakair, Gazipur, Bangladesh

Tier III equivalent · 5 MW power, 1,000+ server racks

  • N+1 redundant power and cooling
  • Multi-homed fiber connectivity (BDIX, BDCON)
  • Physical access control with biometrics
  • 24/7 on-site security and monitoring

Jashore Region

Jashore, Bangladesh

Tier III equivalent · 3 MW power, 500+ server racks

  • N+1 redundant power and cooling
  • Diverse fiber paths to major IXPs
  • Seismic-rated construction
  • Disaster recovery ready

Data Sovereignty

All customer data resides within Bangladesh's borders. Our Kaliakair and Jashore data centers are fully owned and operated, ensuring complete control over data residency, security, and compliance with Bangladeshi regulations (BB Cloud Computing Guidelines, BB ICT Security Guideline, Data Protection Act).

Enterprise customers can request audit reports, penetration test results, and compliance documentation via our Trust Center portal.