When you choose a PCI Compliance Services provider experience should be a heavily weighted variable in the decision making process. Our experts know how to simplify reports for executive and then lay out all the technical findings for those who are interested in such details. Making us an excellent choice for any organization looking to achieve PCI Compliance without overspending.
The PCI Data Security Standard (DSS) was built by the PCI Security Standards Council (PCI-SSC) and is enforced by the payment card brands. For example, American Express, Discover Financial Services, JCB International, Visa Inc, and MasterCard Worldwide. They were designed to encourage and enhance cardholder data security and promote global adoption of consistent data security measures.
The PCI-DSS Standard is comprised of 12 broad requirements which organizations must meet to maintain compliance. The requirements for what must be submitted to confirm compliance vary depending on the merchant and card brand or issuer. PCI-DSS applies to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process, or transmit cardholder data.
Now we have grown in size, added new service offerings, and constantly stayed up to date with new compliance initiatives but our commitment is the same… No matter the size, mandate, or hurdle, we provide every customer with care and a streamlined solution.
Our Company was founded with an ample concentration on Compliance, hence being PCI QSAs, this was our comfort zone. Moving forward we were confident that our + 20 years’ experience would assist us in providing services for our clients at an exceptionally high level. Now we have been in business for over 10 years serving customers across the globe with cybersecurity & compliance solutions. Over the years we have added to our service offerings and stayed up to date with new compliance initiatives but our commitment to client satisfaction remains the same. No matter the size, mandate, or hurdle, we provide every customer with care and a streamlined solution.
PCI Compliance requirements are detailed in the PCI SSC Quick Reference Guide. An individual company’s level of compliance with the requirement can vary depending on the stage of adoption of the standard. Companies can be planning for, implementing or maintaining the requirements based on how new the requirement is for their organization. However, to report PCI compliance all 12 PCI-DSS requirements and security assessment procedures must be validated as “in-place”, or “in-place” via compensating control, or a result of a requirement being ―Not Applicable.
Requirement #1: Install and maintain a firewall and router configuration to protect
cardholder data.
Requirement #2: Do not use vendor-supplied defaults for system passwords and other
security parameters.
Requirement #3: Protect stored cardholder data.
Requirement #4: Encrypt transmission of cardholder data across open, public networks.
Requirement #5: Use and regularly update anti-virus software or programs.
Requirement #6: Develop and maintain secure systems and applications.
Requirement #7: Restrict access to cardholder data by business need to know.
Requirement #8: Assign a unique ID to each person with computer access.
Requirement #9: Restrict physical access to cardholder data.
Requirement #10: Track and monitor all access to network resources and cardholder data.
Requirement #11: Regularly test security systems and processes.
Requirement #12: Maintain a policy that addresses information security for all personnel.
Assuming that all PCI Compliance requirements have been met through a PCI-QSA the following steps are required for reporting on PCI compliance:
Need Assistance With Your PCI DSS Compliance?
We can answer all of your PCI questions and concern contact us and one of our consultants will be in contact with you shortly.
