"All I want is compliance with my wishes,
after reasonable discussion."
Winston S. Churchill
PCI DSS (Payment Card Industry Data Security Standard) is a security standard developed by the PCI SSC (PCI Security Standards Council) for payment card merchants and processors. It is based on five global payment brands (American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.), which have agreed to include PCI DSS as a technical requirement for compliance with each of their data security programs.
PCI DSS is vital to the implementation of information security and best practices in the credit card industry.
PCI DSS includes 12 requirements and applies to any business that stores, processes or transmits cardholder data.
The steps we take with you to achieve PCI DSS compliance are designed to require minimal effort on your side, with a process that is as automated as possible:
- Scoping - together with you, we analyze the scope of certification in order to minimize both the scope and the necessary implementation work.
- Gap Analysis - checks the current state of the IT infrastructure, the processes and the documentation for conformity with the PCI requirements. The results reveal any necessary adjustments and additions and give our customers detailed and meaningful information that defines the remedial action for a successful PCI certification.
- Ongoing Support - we advise and support our customers in all matters relating to PCI compliance and during the entire process of analysis, remediation and implementation of corrective measures and controls.
- Formal Assessment - performed by our Qualified Security Assessor (QSA), this assessment results in the issuance of the final PCI compliance report and certificate.
Seven Security Group is a QSA (Qualified Security Assessor) company certified by the PCI Security Standards Council and authorized to operate in Europe and CEMEA.
Apart from the scope optimization and reduction at the beginning of the process, we always try to automate all tasks as much as possible. We use technology and online collaboration tools, such as Jira, Redmine, Basecamp and others, to create, monitor, supervise and help with all joint tasks of our teams, so time and effort are also minimized. If you don't have your own collaboration tool, we will create a profile for you in ours and grant your team access to it.
All of the above enable us to provide you with the best industry pricing.
Depending on your certification level requirements, you may need these additional PCI-related services:
- Penetration Testing - Performing internal and external penetration tests of IT infrastructures and applications in the PCI scope that may be required for achieving and maintaining PCI compliance.
- External Vulnerability Scanning via ASV - Quarterly execution of ASV vulnerability scans as required for achieving and maintaining PCI compliance.
- Internal Vulnerability Scanning - Quarterly execution of internal vulnerability scans as required for achieving and maintaining PCI compliance.
- Security Awareness Training - Providing training courses for introducing, achieving and maintaining PCI compliance.