PCI Compliance
Sense of Security is a PCI Standards Council Qualified Security Assessor Company (QSAC). Our experienced team can assess your level of PCI compliance and work with you to close any gaps.
To be PCI compliant you must meet all 12 PCI DSS requirements, grouped under six control objectives. These are:
- Build and maintain a secure network and systems
  - Requirement 1: Install and maintain a firewall to protect cardholder data.
  - Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect cardholder data
  - Requirement 3: Protect stored cardholder data.
  - Requirement 4: Encrypt transmission of cardholder data across open, public networks.
- Maintain a vulnerability management program
  - Requirement 5: Protect all systems against malware and regularly update anti-virus software.
  - Requirement 6: Develop and maintain secure systems and applications.
- Implement strong access control measures
  - Requirement 7: Restrict access to cardholder data.
  - Requirement 8: Identify and authenticate access to system components.
  - Requirement 9: Restrict physical access to cardholder data.
- Regularly monitor and test networks
  - Requirement 10: Track and monitor all access to network resources and cardholder data.
  - Requirement 11: Regularly test security systems and processes.
- Maintain an information security policy
  - Requirement 12: Maintain a policy that addresses information security for all personnel.
Our team has experience and knowledge across all these control objectives. We can work with you to design and implement a system to ensure your business meets PCI compliance standards.
Why you need a Qualified Security Assessor
Your PCI DSS compliance must be certified by a Qualified Security Assessor (QSA).
Our QSAs are trained by the PCI Standards Council to understand, and help you meet, PCI audit requirements.
Even if you are eligible to self-assess, engaging a QSA for guidance and advice can smooth your progress. We can assess all requirements or tailor an engagement that focuses on the areas you are trying to strengthen.
Gaining PCI compliance with Sense of Security
Your journey towards PCI compliance can be difficult without appropriate advice and guidance. Sense of Security can:
- Identify the scope of your current PCI initiatives
- Assist with completing your Self-Assessment Questionnaire (SAQ)
- Conduct a PCI gap analysis to identify any gaps in your systems
- Design and implement a compliance roadmap to close any gaps and achieve compliance
- Conduct an on-site PCI audit to produce a Report on Compliance (ROC) and an Attestation of Compliance (AOC) demonstrating that your business is PCI compliant.
Ongoing compliance obligations
Our team can tailor an information security management program to maintain your business’s PCI compliance.
In a typical security management plan, each quarter we:
- Test for the presence of wireless access points
- Conduct internal and external network vulnerability scans (as an Approved Scanning Vendor (ASV) we can perform the external vulnerability scans PCI DSS requires)
Annually, we conduct:
- Web application vulnerability testing
- Internal and external penetration testing.
Regular tests and scans of your systems are the only way to demonstrate that they remain PCI compliant.