PCI-DSS

Payment Card Industry - Data Security Standard

The PCI-DSS is a minimum set of technical and organisational requirements designed to help businesses protect customers’ cardholder data against fraud through robust payment security. Achieving and maintaining compliance with this standard is a vital requirement for any organisation. CISO AG’s consultants will assist your organisation in achieving these requirements in the most cost-effective manner suited to your organisation’s maturity.

Gap Analysis

Assess your current PCI compliance posture to produce a plan that can be implemented to achieve full compliance with the Standard.

A PCI-DSS gap analysis will help your organisation prepare to pass the annual audit.

Audit and RoC

Create a fully documented report on compliance (RoC) that is accepted by your business partners.

A RoC is required by organisations with large transaction volumes and must be conducted by a QSA, who will submit a formal report to the PCI Security Standards Council to attest that your organisation complies fully.

Implementation

Manage your team’s PCI DSS remediation efforts, delivering cost-effective solutions.

PCI-DSS remediation can be both time-consuming and resource-intensive. A well-structured and proven PCI remediation plan can significantly reduce the time and cost of achieving compliance.

1. Pre-Assessment

  • Kick-off meeting and awareness session
  • Sharing and exchange of preliminary documents

2. Assessment

  • Understanding the business flow
  • Scoping
  • Gap assessment

3. Remediation

  • Consulting on how to mitigate the gaps
  • Off-site support for closing gaps

4. Certification

  • Off-site review
  • Final onsite audit

PCI DSS

All organisations that accept or process credit card payments are required to undertake an annual PCI DSS audit of security controls and processes, covering areas of data security such as retention, encryption, physical security, authentication, and access management.

PCI DSS is one of the most stringent and most coveted security standards in the industry today. With 6 goals, 12 requirements and over 300 sub-requirements for the cardholder data environment, PCI compliance helps businesses minimise the risk of their payment systems being breached and of cardholder data being stolen.