Compliance Services
PSC is a leading PCI Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV) and one of an elite few companies qualified globally to provide expert services and solutions to organizations that require specialist compliance or consulting support in the areas of Payments, Security or Compliance.
To ensure Independence, PSC does not represent, resell or receive commissions from any third party hardware, software or solutions vendors.
Payment Card Industry Data Security Standard (PCI DSS)
The PCI DSS aligns the Visa International Account Information Security (AIS) program, the Visa USA Cardholder Information Security Program (CISP), MasterCard Site Data Protection (SDP) program, American Express Data Security Operating Policy (DSOP) and Discover Information Security and Compliance (DISC) streamlining requirements, compliance criteria and validation processes.
The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the standard are organized:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Find out more about PCI DSS Services
Payment Application Data Security Standard (PA-DSS)
The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI Data Security Standard (PCI DSS).
Find out more about PA DSS Services
PCI DSS Compliance Maintenance
PSC's unique service offering in this area focuses on managing sustaining compliance activities to reduce deviations and exceptions; establishes trasition plan and compliance activities to meet new standards; reduces annual PCI DSS assessment time and overall effort by managing continual compliance demonstration; and, increase compliance by elimination of compensating controls and monitoring of important security activities.
Find out more about PCI DSS Compliance Maintenance
Internal and External Penetration Testing
The purpose of penetration testing is to footprint, enumerate and potentially exploit vulnerabilities in web application(s) and network infrastructure using automated tools and manual mechanisms, above and beyond what simple automated scanning tools can achieve.
Network and application penetration tests are different from vulnerability scans in that penetration tests are more manual. They attempt to actually exploit some of the vulnerabilities identified in scans, and follow practices used by hackers to take advantage of weak security systems or processes.
Find out more about Internal and External Penetration Testing Services
Vulnerability Scanning
Security scans assist in the identification of vulnerabilities and mis-configuration of web sites, applications, and information technology (IT) infrastructures with Internet-facing IPs.
Find out more about Vulnerability Scanning Services
Training / Courses
Training has become increasingly important for any organization wishing to obtain certification to any standard (PCI, ISO, AICPA etc). PSC offers a wide range of training solutions individually tailored to the organizations needs. Training is provided at the organizations offices or online and targeted specifically for those organizations employee requirements.
Find out more about Training / Courses Services
Policies & Procedures Documentation
Development and implementation of a comprehensive documentation set is vital, for any organization that wishes to achieve compliance. PSC offers a range of documentation products for all compliance targets and completely customizable for any size of organization.
Find out more about Policies & Procedures Documentation Services
PCI PIN/PED Review
PCI PED has been introduced to minimize the risk profile inherent in card transactions. The PCI PED Security Requirements contain physical and logical security device requirements for
both online and offline PIN entry devices (PED), as well as device management requirements for activity prior to initial key loading. PCI PED applies to manufacturers that sell PIN pads and terminals with internal PIN pads.
Find out more about PIN/PED Review Services
Information Security Managements Systems Standard
PSC staff has direct experience in the readiness and assessment of important international standards, including:
- ISO 27001
- ISO 9000
- ISO 9564
Find out more about Information Security Managements Systems Standard
Information Privacy
- HIPAA - Health Insurance Portability and Accountability Act data security requirements
- SOX - Sarbanes-Oxley and corporate governance related to information security
- GLBA - Gramm-Leach Bliley Act
- European Union Data Protection Directive
- UK Data Protection Act
- Canada Personal Information and Electronic Documents Act
Find out more about Information Privacy
Find out more about HIPAA
SSAE 16 Preparation
PSC provides a Statement on Standards for Attestation Engagements No. 16 (SSAE16) readiness assessment consisting of examining the service organization's description of controls to determine fairness; suitability of design and operational effectiveness.
Find out more about SSAE 16 Preparation
P2PE Assessment Services
The PCI Security Standards Council has released new assessment standards relating to hardware-based point-to-point encryption (P2PE) services. These services, provided by acquiring processors and payments gateways, utilize PCI POI validated terminals to provide encryption of cardholder data from the retail establishment through to the acquirer. By implementing one of these solutions, a merchant may reduce the scope of their PCI DSS assessments, and significantly reduces risk of compromise of cardholder data.
Find out more about P2PE Assessment
|
