PCI Compliance Services
Any organization that stores, processes or transmits card data must comply with the Payment Card Industry Data Security Standard (PCI DSS). SecurWires offers a wide range of PCI-related services that help your company achieve its compliance goals and build a sustainable compliance program, regardless of where you are in the compliance cycle.

Receive customized consulting to create a plan for current and future compliance efforts.

Our professional team holds a range of security certifications, and we help organizations align with multiple critical regulations.




1. PCI Executive Workshop
Goal
To provide a high-level understanding of your company’s PCI obligations.


Overview
These engagements typically focus on two of three areas: PCI awareness, cardholder data environment scope, and key controls awareness/compliance. These areas of focus result in a high-level review and basic understanding of your PCI obligations. While we suggest that the Qualified Security Assessor (QSA) focus on education, scope, or a specific item or issue, the QSA is available to support the client's PCI compliance needs for the duration of the engagement.


ENGAGEMENT
› Determine Focus Interviews
› Documentation Review
› Review Payment Card Processing Methods
› PCI Education


TIME FRAME
› One to three days on-site


DELIVERABLES
› QSA Notes
› Presentation
› PCI Overview



2. PCI Readiness Review
Goal
Review key controls through interviews to provide a high-level understanding of gaps in PCI compliance.


Overview
Typically combines on-site and remote interviews (teleconference) with key personnel, including business owners, network and systems engineers, developers, call center staff and security personnel. The on-site portion focuses on conducting interviews, performing walkthroughs of cardholder data processing environments and high-level documentation reviews.


ENGAGEMENT
› Information Gathering
› Interview Key Staff Members
› Review Pre-determined Documentation
› PCI Education


TIME FRAME
› Two to three weeks total
› Three to five days on-site
› 10-15 days remote assessment


DELIVERABLES
› Key Controls Assessment Report
› Detail Each Key Control Assessed
› Detail Confirmed or Suspected Areas of Non-Compliance
› Provide Recommendations on Compliance & Remediation Strategies



3. PCI Gap Assessment
Goal
Review all controls through interviews, documentation reviews and technical testing to provide a detailed understanding of gaps in PCI compliance. This understanding is critical when planning remediation projects, particularly for companies working on first-time compliance.


Overview
Focuses on all 12 areas of the PCI Data Security Standard and dives into the detail associated with each individual control. This analysis combines remote and on-site interviews, documentation reviews and walkthroughs of cardholder data processing environments, and examines process flows and all other areas associated with card-data processing and its associated and supporting systems.


ENGAGEMENT
› Review Policies & Procedures
› Interviews with Key Staff Members
› Review Card Data Systems
› Test PCI Controls


TIME FRAME
› Three to eight weeks total
› Minimum five to ten days on-site
› 15-20 days remote assessment


DELIVERABLES
› Non-Technical Executive Summary
› PCI Environment Scope Document
› Critical Findings Overview
› Findings and Recommendations


4. PCI Self-Assessment Questionnaire
Guidance
SecurWires can provide Self-Assessment Questionnaire (SAQ) guidance to companies that wish to sign their own SAQ. SecurWires bases the level of effort on the number of days of assistance required.


Goal
Conduct a PCI assessment consistent with an SAQ. The engagement concludes with a completed Self-Assessment Questionnaire and Attestation of Compliance, which can be signed and submitted to the card brands and the acquiring banks.


Overview
Focuses on all pertinent areas of the SAQ and dives into the details associated with each required control. The assessment combines remote and on-site interviews with documentation reviews and walkthroughs of cardholder data processing environments, and examines process flows and all other areas associated with card-data processing and their associated and supporting systems.


ENGAGEMENT
› Determine Focus Interviews
› PCI Awareness
› Data Environment
› Compliance
› Test PCI controls, if attestation is required


TIME FRAME
› One to two weeks total
› Minimum one to two days on-site
› 2-6 days remote assessment


DELIVERABLES
› PCI Overview
› Presentation
› Applicable SAQ


5. QSA Remediation Guidance
Goal
Partner as a trusted advisor to provide input on a PCI DSS remediation strategy and deliver ongoing guidance throughout the remediation effort.


Overview
Typically combines on-site and remote discussions (teleconference) with key personnel, including business owners, network and systems engineers, developers, call center staff and security personnel, to provide guidance from a PCI QSA perspective.


ENGAGEMENT
› Information Gathering
› Interview Key Staff Members
› PCI Education and Guidance


TIME FRAME
› One to 52 weeks


DELIVERABLES
› Presentation
› Custom Documentation as Detailed in the Statement of Work



6. PCI DSS Scope Reduction Strategy
Guidance
Provide recommendations on how to reduce an entity's PCI DSS scope, in order to reduce recurring compliance costs and the overall risk to cardholder data.


Overview
Evaluate current payment card process flows and business processes to determine potential options for P2PE/E2EE, tokenization, outsourcing of payment functions, or other innovative solutions that reduce PCI scope.


ENGAGEMENT
› Information Gathering
› Interview Key Staff Members
› Review Card Data Systems
› PCI Scope Education and Guidance


TIME FRAME
› Two to four weeks total to develop a strategy


DELIVERABLES
› Strategy Summary
› Current Card Processes Scope
› Recommended Solution Types by Type of Card Process
› Reduced Scope Potential



7. PCI Security Services
Goal
To use industry best practices to conduct an internal vulnerability assessment and internal and external penetration tests that meet the Requirement 11.3 controls of the PCI DSS, together with other services required for PCI DSS compliance.


Overview
Conduct network- and application-layer penetration testing to validate that PCI controls and segmentation are in place. SecurWires also tests for vulnerabilities that could lead to the compromise of systems or sensitive data, and provides other services required for PCI DSS compliance.


ENGAGEMENT
› Information Gathering
› Review Scope Documentation and Prior Tests
› Vulnerability Identification and Exploitation
› Attack Scenarios


TIME FRAME
› Two to four weeks total


DELIVERABLES
› Executive Summary
› Scope and Testing Methodology
› Vulnerabilities Identified
› Detailed Attack Scenario Narratives
› Segmentation Testing
› Recommendations



8. PCI Awareness and Training
Goal
Provide training solutions that align with PCI DSS training requirements.


Overview
SecurWires training services offer practical, real-world learning for employees and IT professionals. In addition to instructor-led technical training, we offer a number of PCI-specific and customized courses that help clients meet the training component of PCI compliance.


PCI-SPECIFIC COURSES
› Introduction to PCI
› PCI Scoping
› PCI DSS Implementation Workshops
› Security Awareness for Card Handlers
› PCI DSS Assessment Workshops


DELIVERY
› Course Content
› Supporting guidance and whitepapers