PCI (PCI DSS) Consultancy Services
Ask for PCI DSS Training or PCI DSS Consultancy support - telephone + 44 (0)845 070 1750
The Payment Card Industry Data Security Standard (PCI DSS) must be met by all organizations (merchants and service providers) that transmit, process or store payment card data. A merchant is defined as any entity that accepts payment cards (Visa, MasterCard, American Express, Discover or JCB) as payment for goods and/or services. A service provider is defined as a business entity (not a card brand or merchant) directly involved in the processing, storage, transmission, and switching of transaction or cardholder data e.g. payment processor, or an entity which provides services to merchants e.g. managed service providers, hosting providers. We have extensive PCI DSS resources.
PCI Consultancy Expertise on tap!
IT Governance has experts in the PCI DSS field, who can provide organisations with flexible and tailored PCI DSS consultancy services to meet the requirements of your compliance process.
The path to PCI DSS compliance can be somewhat daunting to those who have little or no knowledge of the PCI DSS. IT Governance can produce a structured framework, agreed from the outset with the organisation, which ensures effective use of in-house resources as well as expenditure control.
IT Governance can provide PCI DSS specialist advice from the outset, ensuring that your organisation fully understands the business benefits of PCI DSS compliance and the possible ramifications of non-compliance. Through years of professional experience in best-practice IT management, IT Governance has the skills to steer organisations effectively towards successful compliance.
Due to an increasing number of payment card breaches within both the Merchant and Service Provider industries, organisations are now receiving increased pressure from acquirers and card brands to become PCI DSS compliant. IT Governance is ideally positioned to provide assistance in the compliance process, relieving pressure, whilst enabling organisations to continue sustained business operations effectively.
Prior to commencing the PCI DSS process, it is worth noting that in addition to its PCI DSS expertise, IT Governance has an extensive history of ISO 27001 implementation; mapping ISO 27001 controls to PCI DSS requirements should therefore be given serious consideration at an early stage.
Stages of the PCI DSS Consultancy Project
IT Governance divides the PCI DSS compliance project into various stages:
PCI DSS Training
IT Governance has experienced PCI DSS trainers who can tailor courses to your specific requirements. We deliver bespoke training, from introductory courses for absolute beginners to the Standard, through to more in-depth ‘group’ involvement training in which we evaluate each individual requirement and ascertain how you can implement measures in your specific environment to become compliant.
IT Governance also offers public courses on PCI DSS compliance which examine the drivers and need for adoption of the Standard, and how best to go about achieving compliance so as to serve both the requirements of the PCI DSS standard(s) and your business objectives.
PCI DSS Scoping
• Identify where cardholder data is stored, processed or transmitted within your environment (mapping out your cardholder data flows). This process will identify your ‘Cardholder Data Environment’ (CDE): your ‘scope’ for PCI DSS compliance. At this early stage we can work with you to reduce the scope, ultimately resulting in reduced resources and expenditure.
• Evaluate your current business processes. IT Governance can evaluate and suggest alternative processes for your business to reduce resources and expenditure during the compliance process. For example, all too often organisations are storing cardholder data for convenience, not for business purposes. A consultant may (if business practices permit) advise against storing cardholder data, thereby immediately eliminating ‘Requirement 3 – Protect Stored Cardholder Data’ of the Standard from scope.
PCI DSS Gap Analysis
The Gap Analysis stage looks at where your organisation is at the present time in regard to the requirements of the Standard, against where it should be to meet those requirements. The card brands (Visa, MasterCard etc.) state that Merchants and Service Providers must be compliant with the Standard as a whole. An organisation may choose to undertake a Gap Analysis internally, or instruct an expert on the subject to work through the applicable requirements of the PCI DSS. The Gap Analysis will result in a list of recommendations to rectify non-compliant requirements which, once resolved, will enable an organisation to be confident that it is fully prepared for the validation stage.
Remediation support
• Following the Gap Analysis stage, IT Governance can assist in the design and implementation of an internal PCI DSS project team within your organisation, which will ultimately be responsible for undertaking the remediation work to achieve compliance, saving the cost of instructing an external party for remediation. Of course, IT Governance can be on hand to attend regular checkpoint meetings to ensure that the project remains focussed and on track.
• Support with the creation of the relevant documentation required for compliance, i.e. policies and procedures.
• Service Level Agreements with Service Providers. All Merchants must ensure that their Service Providers are PCI DSS compliant, or at least working towards compliance. Merchants frequently become subject to breach investigations due to inadequacies of Service Providers (e.g. web hosting companies) that are not PCI DSS compliant, which places the Merchant in a vulnerable position, open to fraudulent activity. IT Governance will ensure your organisation fully understands both its own and its Service Providers’ responsibilities, ensuring risks are reduced and managed so as to greatly decrease the possibility of a breach.
Validation: Self-Assessment Questionnaire
Merchants (Level 2, 3 and 4) and Service Providers (Level 3) must self-evaluate their compliance with the PCI DSS by completing the Self-Assessment Questionnaire (SAQ). Instructing a Qualified Security Assessor (QSA) to mentor an organisation through the completion of a self-assessment can prove an expensive option. All too often Merchants and Service Providers do not fully understand the intent of the PCI DSS requirements, leading to an inaccurate SAQ. IT Governance PCI DSS experts fully understand each requirement, enabling a comprehensive, yet swift, completion of the Questionnaire.
Whatever your PCI DSS consultancy support requirements, we're just a phone call away. Email and ask for PCI DSS Training or PCI DSS Consultancy support, or telephone + 44 (0)845 070 1750.