Your PCI Audit Is Just Around The Corner. Are You Ready?
The PCI Security Standards Council has set robust and comprehensive standards to enhance payment card data security. The keystone is the PCI Data Security Standard (PCI DSS).
TBG Security’s PCI Readiness Assessment
Prior to scheduling an official PCI audit (required to validate an organization’s PCI DSS compliance), most Level 1 merchants conduct a PCI readiness assessment. Also known as a pre-audit, this assessment is designed to uncover and remediate any security issues.
We would also recommend that Level 2-4 merchants – required to fill out a self-assessment questionnaire (PCI SAQ) – also conduct a readiness assessment.
TBG Security’s PCI readiness assessment builds a baseline to ensure that compliance is achieved as efficiently as possible, often uncovering weak points in a client’s cyber defenses. Below, we outline our approach to meeting the rigid requirements of PCI.
A successful PCI compliance plan first requires an in-depth review of your existing infrastructure, applications and policies. We focus primarily on items relevant to the PCI Data Security Standard (PCI DSS).
- Target Scanning – identifying targets of interest
- Exhaustive Port Scanning – identify services on each target
- Version Scanning – fingerprint the services and OS
- Vulnerability Scanning – vulnerability scanning of targeted hosts
- Application Scanning – vulnerability scanning at the application level
- Penetration Testing – automated and manual penetration tests
- Policy Review – review existing policies and procedures
TBG Security’s PCI Site Assessment may be executed partially via phone interviews for policy reviews, and partially onsite for physical inspections and verification of data collected during off-site reviews.
Working with our customer, we prioritize the findings reported in the Assessment phase, formulating the most efficient and effective remediation strategy required to pass the PCI Audit.
- Creating a readiness report documenting the Assessment findings
- Conducting a Gap Analysis
- Developing a comprehensive list of all remediation projects
- Creating a detailed project plan including milestones and deliverables for the remediation phase of the project
Your TBG Security team is now ready to implement the security improvements agreed in the Gap Analysis phase. The focus is to remediate all identified PCI compliance issues.
- Device configuration
- Design, build, deploy and test of new or updated systems
- Training for in-house staff responsible for new systems, policies, procedures and controls
- Process validation
- Policy generation
- Document step-by-step instructions
Working with your in-house compliance team, TBG Security will offer full support during the PCI compliance process, be it filling out a self-assessment or coordinating the activities of an independent PCI auditor.
TBG Security has partnerships with a number of QSA firms, and we’ll be there to guide you through the final PCI audit process, providing the necessary information and documentation to meet the PCI Security Council standards for compliance.
- Verification of PCI compliance pertaining to the standards/regulations
- Testing and validation of controls
- Preparation of formal reports and questionnaires
- Verification of required vulnerability scan results
- Submitting related documentation
- Certification of audit report
- Acting as your advocate to resolve any questions from auditing personnel
Many compliance regulations require an annual audit of your security systems and procedures in order to retain your standard validation. In most cases, the assessment may be conducted by internal staff (often requiring sign off from a C-level officer) or by a third party expert consultants. TBG Security is prepared to help you maintain compliance
- Annual on-site audit of your organization’s security systems and procedures
- Periodic review of networks for security posture, as needed
- Quarterly vulnerability scans
- Regular monitoring/analysis of network devices for security events and breaches
- On-demand assessment of specific network components for security posture
- Periodic review of access, management, and data encryption
- Log monitoring and forensics to investigate specific incidents
Get In Touch
Want more details on TBG Security’s PCI Site Assessment? We’re here to help.