PCI Guidance and Planning
PCI is a complex topic with many provisions, and meeting the requirements for PCI compliance can be painstaking. What's more, provisions for reporting compliance can vary with different card brands. Understanding PCI is a discipline in itself, but few organizations can devote the time and effort to develop internal expertise in PCI. And questions abound: To whom should the organization report compliance? How are standards for PCI compliance different between franchises and corporate locations? Are requirements different for service providers than for merchants?
PCI can be especially challenging for smaller merchants, who may lack the dedicated information security or auditing staff needed to understand and respond to the self-assessment questionnaire. In addition, timelines for compliance may be tight, making a pre-assessment critical for ensuring that any holes in the organization's compliance readiness can be caught early; if caught during the onsite assessment, it may not be possible to ensure a full remediation before the compliance deadline, often resulting in fines.
Pre-assessment, workshops and PCI strategy sessions are key components of Secure Application's approach to the challenges above. Because customers' requirements are different, Secure Application creates customized consulting regimens for customers, according to those requirements. Secure Application provides an on-site Qualified Security Assessor (QSA) to act in a guidance and advisory role for a one-day PCI advisory discussion to help the company better understand its exposure to PCI compliance regulations - identifying gaps in its PCI-related solutions, devising a plan to address these gaps, and identifying a roadmap for future PCI compliance efforts.
- Secure Application uses a proven Data Discovery and Data Flow Analysis methodology to help you understand where cardholder data resides and how it is used in your environment.
- Dedicated, specialized QSA assistance helps you position your organization for success in its compliance efforts.
- Secure Application's early membership in the Visa and MasterCard payment card security programs gives you added assurance of achieving and maintaining PCI compliance.
- Secure Application is an approved PCI Qualified Security Assessor (QSA), PCI Authorized Scanning Vendor (ASV), and Visa Qualified Incident Response Assessor organization.
Secure Application provides a PCI Executive Workshop and Analysis focused on the appropriate Self-Assessment Questionnaire and overall Data Security Standard (DSS) as a first step for the organization in ascertaining the scope of its PCI liability.
The recommended PCI Executive Workshop and Analysis program addresses the following key components:
- Identifying the cardholder environment, including identification of all business units handling cardholder data and the associated processes surrounding cardholder data usage.
- Recommending the removal of cardholder data from identified areas.
- Reducing PCI compliance scope by leveraging segmentation, encryption, tokenization, or a combination of strategies (when removal of cardholder data is deemed not feasible).
- Documenting all areas of concern identified, developing a high-level diagram of the cardholder environment, and recommending steps for remediation.