How could a major service provider in the production of web-based storefronts meet the rigorous requirements of the Payment Card Industry (PCI) standard as a Service Provider with little or no in-house knowledge of the standard, minimal budget, and little hope for a return on investment?
They know they can call any of the Qualified Security Auditors listed on Visa's website, but how do they prepare for a full-scale audit? How can they make sure they don't get stuck in a quagmire of compliance obscurities and endless revisits from an audit team with little motivation to help the client achieve their goals? Additionally, how can they assure compliance in a timely manner to meet the requirements of their valued customers?
The client needs to meet Level-1 PCI certification for Service Providers. They know that if they attempt to do this without performing the necessary due-diligence steps, the project will continue indefinitely and become too costly.
The client's customers are pushing hard for them to become compliant, citing their own compliance objectives.
Our client needed a trusted advisor to see that the project was done right, the first time through.
TBG Security Solution
TBG Security leveraged their many years of regulatory and industry compliance experience to help the customer achieve their compliance goals.
Our team managed the relationship between the Qualified Security Auditor and the client. We began this engagement by interviewing the client and performing a mock audit exercise, which served as a gap analysis and allowed us to work with the client to fill the identified gaps prior to the actual audit. Some deliverables to come out of this exercise included:
- Developing PCI-centric policy assuring that each touch point in the standard was covered.
- Implementing new procedures to support the newly implemented written policy.
- Generating supporting evidentiary material to prove compliance to the audit team.
- Implementing new software and tools within the production environment necessary to meet PCI requirements, but doing so in a way that made it possible to meet those requirements without a costly
As a trusted advisor, we facilitated the client's interaction with the auditor and served as the primary point of contact before, during, and after the actual audit.
Impact on client’s business
TBG's Compliance Readiness Services team provided our client a turnkey solution that allowed them to achieve PCI compliance within a very short time frame and without costly overruns. We accomplished this without the need for the client to make any costly capital expenditures: we used what they already had to shape their environment, staff, and procedures to the PCI standard.