PCI DSS Compliance
BSI Info-Assure’s experienced team of QSAs has developed a “one-stop-shop” set of PCI DSS compliance services aimed at helping both merchants and service providers achieve compliance quickly and effectively. The service portfolio also provides ongoing compliance maintenance as part of an organisation’s overall business-as-usual (BAU) security strategy.
BSI Info-Assure QSAs have applied this approach across a number of industry sectors, including retail, telecoms, IT services, financial services, transportation, central government and local authorities.
Our trusted methodology is defined by the following six key phases:
- Project Information & Scoping
  - Define and validate the scope of any PCI assessment.
- Gap Analysis and Risk Assessment
  - Determine the level of overall compliance against the PCI standard and conduct a risk assessment of the cardholder data environment.
- Remediation Planning
  - Produce a detailed action plan outlining and prioritising the security controls that need to be implemented.
- Remediation Activity
  - Apply the appropriate skills and experience to implement security policies, develop processes and procedures, and design technical infrastructure that secures the cardholder data environment.
- Audit and Certification
  - Conduct an independent audit, or support completion of a self-assessment questionnaire (SAQ).
- Compliance Management
  - Penetration testing and quarterly vulnerability scanning, pre-assessment activities such as internal audit, and reporting to the payment brands and acquiring banks as appropriate.