PCI Consulting - Payment Card Industry Security Assessments

PCI Consulting
MCC's security and certification services are the core of a proactive, dynamic security program that meets or exceeds industry regulatory standards. Our security assessment consultants can provide network audits to the standards and requirements of the Payment Card Industry Data Security Standard. Whether mandated or just recommended, on-site reviews and assessments also make it possible to verify compliance of practices such as physical site protection and restricted access to data processing equipment. Your staff's compliance with security policies can also be confirmed. Our Data Security Professionals can offer a comprehensive, phased approach to understanding, assessing, achieving, meeting, and maintaining PCI compliance.

Understanding Scope and the Regulation

  • Identify and track the flow of Card Holder Information (CHI) through your network to ensure all systems are understood
  • Identify changes in architecture that will help your organization reduce the scope and cost of PCI compliance through key areas of segmentation
  • Walk your organization through a self-assessment and provide knowledge transfer in order to understand the dozens of specific criteria outlined in the PCI DSS.
Assessing the Environment
  • Perform an Onsite Assessment including validation of each audit procedure, required for Level 1 Merchants and Service Providers
  • Use the same framework for other organizations to help assess overall compliance, but reduce costs by performing focused validations only
Achieving Compliance
  • Work with the organization if they are not fully compliant to identify gaps and recommend mitigation
  • Allow independence between the assessor and the implementer of new and/or mitigating controls
  • Our PCI security service was designed to work with your staff and other security vendors when staffing or experience is not sufficient within the organization
Meeting the Requirements
  • External MasterCard certified vulnerability scans
  • Internal vulnerability scans
  • Penetration testing
  • Wireless assessments
Maintaining a Secure State
  • Although only periodic validation actions are required under the PCI regulation, compliance with the PCI DSS needs to be maintained to exercise the Safe Harbor clause
  • Maintained compliance is necessary to avoid any fines or penalties issued from a payment card or member bank
  • Your organization must be able to demonstrate compliance at the time of an incident and not just periodically.
  • Our PCI security consulting is designed around periodic and ad hoc assessment activities needed to ensure ongoing PCI compliance efforts
© 2010 Miles Consulting Corp