If your organisation electronically holds, transmits or processes credit card information, regardless of how that information was acquired, then it is required by the Payment Card Industry (PCI) to comply with its Data Security Standard (DSS).
PCI Compliance Requirements
The PCI DSS requires merchants to:
• Build and Maintain a Secure Network
• Protect Cardholder Data
• Maintain a Vulnerability Management Program
• Implement Strong Access Control Measures
• Regularly Monitor and Test Networks
• Maintain an Information Security Policy
The Data Security Standard (DSS) is a complicated mix of best practices, technologies, policies and operational procedures. While all merchants and service providers are required to comply with all 220+ items in the standard, there is sufficient flexibility to allow each covered entity to comply in the manner that best suits the organization. However, this flexibility also creates an opportunity to misinterpret the requirements, resulting in a false state of compliance.
By engaging Integrity Solutions Ltd as your PCI compliance partner, you will gain access to Integrity’s expertise in validating your current compliance state. Beyond this initial evaluation, we also provide detailed recommendations in the form of individual projects that are necessary in order to come into compliance.
Our expertise in designing and implementing security technologies ensures that our recommendations are based on realistic expectations for security and ongoing management while minimizing the impact on “the business”.
Our approach starts with understanding your business environment and your objectives. The goal of this understanding is to become an extension of your team and provide recommendations on how to comply with the DSS while minimizing the intrusion on established business operations. Our consultant will spend sufficient time with your IT staff and business leadership to learn the ways in which your company interacts with cardholder data, and during this time they will measure your current compliance with each of the requirements in the standard.
With “current state” information at hand, we will analyse all of the gaps in your compliance program and make targeted, detailed and realistic recommendations to address each gap. The outcome of this analysis is a final report that embodies the remediation program necessary to come into compliance.