TBG Offers Comprehensive Services To Meet Your PCI Compliance Requirements.

Working either as a full-service consultant or as an adjunct to your in-house business & security team, TBG will execute a PCI compliance readiness process to ensure that your business meets or exceeds its PCI compliance requirements.

  • Phase One: Assessment

    The first step to any successful compliance effort is to review your current security environment and identify any holes or vulnerabilities. In the first phase TBG will perform a detailed assessment of your existing infrastructure, applications and policies. In this phase we will scope the project domain to determine the components in scope, as well as review the systems, policies, processes and procedures covered by the compliance regulations. Our services include:

    • Target Scanning – identifying targets of interest
    • Exhaustive Port Scanning – identify services on each target
    • Version Scanning – fingerprint the services and OS to identify
    • Vulnerability Scanning – vulnerability scanning of targeted hosts
    • Application Scanning – vulnerability scanning at the application level
    • Penetration Testing – automated and manual penetration tests
    • Policy Review – review existing policies and procedures
  • Phase Two: Design

    In the design phase we’ll leverage the findings from the assessment phase to formulate a game plan and design a solution to meet the PCI compliance requirements identified in Phase One. During this phase TBG associates will work with your team to review all assessment findings, determine next steps and establish a detailed set of projects to meet your compliance objectives. Our services include:

    • Creating a readiness report documenting the Assessment findings
    • Conducting gap analysis based on Phase One findings
    • Conducting a post-assessment review of all findings from Phase One
    • Developing a comprehensive list of all remediation projects
    • Creating a detailed project plan including milestones and deliverables
      for the remediation phase of the project
    • Conducting training for your business on information security and data
      handling as it pertains to the compliance requirements
  • Phase Three: Implementation and Remediation

    In this phase, working with your team, TBG associates will provide comprehensive services to implement the design features developed in Phase Two and remediate any PCI compliance issues identified in previous phases. TBG can also act as an expert resource to supplement the internal business, IT and security staff as necessary. Services in this phase can include:

    • Prepare a detailed remediation plan
    • Device configuration
    • Design, build, deployment and testing of required or new systems
    • Advising in-house staff responsible for designing and implementing new
      systems, policies, procedures and controls
    • Process Validation
    • Policy generation
    • Document step-by-step instructions to implement the low-level design
  • Phase Four: Compliance Certification

    Working with your compliance team, TBG Security will manage the PCI compliance process, whether it be filling out a self-assessment or coordinating the activities of an independent auditor. If an independent audit is required, TBG Security can recommend, or supply, and help engage, an auditor that possesses the required industry expertise to meet the audit requirements in an effort to maximize the quality of the results. Audit services may include:

    • Verification of PCI compliance against the standards/regulations
    • Testing and validation of controls
    • Preparation of formal reports or questionnaires
    • Verification of required vulnerability scan results
    • Packaging and submission of any related documentation as appropriate
    • Certification of audit report
    • Acting as your advocate to resolve any questions from auditing personnel
  • Ongoing Compliance Monitoring, Scanning and Auditing

    Once your organization has achieved compliance, most, if not all, compliance regulations require an annual audit of your security systems and procedures. In most cases, the assessment may be conducted by internal staff (and must include a signoff from a C-level officer) or by a third party. TBG Security is prepared to help you maintain compliance through services to monitor scan reports and changes in the Standards that may impact your compliance status.

    Ongoing services include:

    • An annual on-site audit of your organization's security systems and procedures
    • Periodic (quarterly, annual, etc.) review of networks for security posture
    • Performing, monitoring and assessing results of quarterly vulnerability scans
    • Regular monitoring/analysis of network devices for security events and breaches
    • On-demand assessment of specific network components for security posture
    • Periodic review of access, management, and data encryption
    • Log monitoring and forensics to investigate specific incidents

For more information on how TBG Security can help your organization reach compliance, contact our Compliance Practice Manager or call us directly at 877.233.6651 ext 704.

Approved Scanning Vendor PCI