Does your business handle credit card details?
If your business stores, processes or even transmits credit card details, then PCI DSS (Payment Card Industry Data Security Standard) is likely to apply to you. Compliance with the standard is mandatory, and fines can be issued for non-compliance, particularly if your business suffers a breach that results in the compromise of cardholder data.
Pure Hacking's PCI assessors can help your business on the journey to compliance. A comprehensive gap analysis service is available for businesses that expect remediation will be needed and wish to understand where their security controls fall short. The gap analysis is intended to highlight what needs fixing, backed by direction from our experts on how to go about it.
Ready to prove your compliance?
Whether your business is taking the initiative to prove compliance or a third party has required you to do so, Pure Hacking's certified QSAs (Qualified Security Assessors) can help. Our assessors have experience in PCI auditing for a wide variety of organisations across multiple industries, which enables our team to conduct audits in a well-organised manner that keeps the impact on your organisation to a minimum. Furthermore, Pure Hacking is keen to help you complete the assessment with a successful result; to that end, a tailored audit engagement can be offered that allows remediation to be completed and verified along the way.
The audit process
As a qualified PCI DSS assessor company, Pure Hacking follows the process dictated by the PCI Security Standards Council when conducting an assessment. The high-level steps under the current PCI DSS v3 include:
- Confirming the scope of the PCI DSS assessment.
- Performing the PCI DSS assessment of the environment, following the testing procedures for each requirement.
- Performing remediation, if required, for any not-in-place items (this is the organisation's responsibility; however, Pure Hacking can help with both advice/recommendations and implementation).
- Completing the applicable report for the assessment (i.e., Self-Assessment Questionnaire (SAQ) or Report on Compliance (ROC)), including documentation of all compensating controls, according to the applicable PCI guidance and instructions.
- Completing the Attestation of Compliance for Service Providers or Merchants, as applicable.
- Submitting the SAQ or ROC and the Attestation of Compliance, along with any other requested documentation (such as ASV scan reports), to the acquirer (for merchants) or to the payment brand or other requester (for service providers).
Let Pure Hacking guide your organisation through the process for the best possible outcome. We will ensure you have the right advice and guidance, giving you assurance that cardholder data is protected.
If you would like to know more, please contact us.