Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.

Latest announcements
© Copyright Sense of Security
 
Cyber Security Services

PCI Compliance

PCI compliance safeguards your customers from credit card fraud and your business from the reputational risk of a data breach involving customer data.

Sense of Security is a PCI Standards Council Qualified Security Assessor Company (QSAC). Our experienced team can assess your level of PCI compliance and work with you to close any gaps.

Compliance requirements

To be PCI compliant you must meet all 12 PCI compliance requirements within six control objectives. These are:

  1. Build and maintain a secure network and systems

Requirement 1: Install and maintain a firewall to protect cardholder data.

Requirement 2: Do not use vendor-supplied defaults for system passwords, and other security parameters.

  1. Protect cardholder data

Requirement 3: Satisfactorily protect stored cardholder data.

Requirement 4: Encrypt transmission of cardholder data across open, public networks.

  1. Maintain a vulnerability management program

Requirement 5: Protect all systems against malware, and regularly update anti-virus software.

Requirement 6: Develop and maintain secure systems and applications.

  1. Implement strong access control measures

Requirement 7: Restrict access to cardholder data.

Requirement 8: Identify and authenticate access to system components.

Requirement 9: Restrict physical access to cardholder data.

  1. Regularly monitor and test networks

Requirement 10: Track and monitor all access to network resources and cardholder data.

Requirement 11: Regularly test security systems and processes.

  1. Maintain an information security policy

Requirement 12: Maintain a policy that addresses information security for all personnel.

Our team has experience and knowledge across all these control objectives. We can work with you to design and implement a system to ensure your business meets PCI compliance standards.

Why you need a Qualified Security Assessor

Your PCI DSS compliance must be certified by a Qualified Security Assessor (QSA).

Our QSAs are trained by the PCI Standards Council to understand, and help you meet, PCI audit requirements.

Even if you are eligible to self-assess, engaging a QSA to for guidance and advice can smooth your progress. We can assess all requirements or tailor a solution to focus on areas you are trying to strengthen.

Gaining PCI compliance
with Sense of Security

Your journey towards PCI compliance can be difficult without appropriate advice and guidance. Sense of Security can:

  • Identify the scope of your current PCI initiatives
  • Assist with completing your Self-Assessment Questionnaire (SAQ)
  • Conduct a PCI gap analysis to identify any gaps in your systems
  • Design and implement a compliance roadmap to close any gaps and achieve compliance
  • Conduct an on-site PCI audit to produce a Report on Compliance (ROC) and Attestation of Compliance (AOC) to show that your business is PCI compliant.

 

Ongoing compliance obligations

Our team can tailor an information security management program to maintain your business’s PCI compliance.

In a typical security management plan, each quarter we:

  • Test for the presence of wireless access points
  • Conduct internal and external network vulnerability scans (as an Approved Scanning Vendor we can conduct external vulnerability scans)

Annually, we conduct:

Regular tests and scans of your systems are the only way to demonstrate that they remain PCI compliant.

Achieve PCI compliance with Sense of Security.

 

Speak to one of our experienced team
on 1300 922 923 or make an enquiry today.