Payment Card Industry Compliance Services

If your business processes, stores or transmits cardholder data, keeping customer data safe is not just a matter of regulatory compliance; it’s good business.


INFO SECURITY PAKISTAN™ believes that achieving Payment Card Industry Data Security Standard (PCI DSS) compliance ought to be business as usual. Our experienced Qualified Security Assessors (QSAs) work alongside customers to develop and implement year-round business processes, policies and procedures as required by the PCI DSS. The end result: a more methodical approach toward an “always compliant” state while maintaining end-customer confidence.

Our customer-first consultative approach walks you through the compliance process, helping you understand and comply with the PCI requirements appropriate for your business:

  • Report on Compliance
  • Attested Self-Assessment Questionnaire
  • Assisted Self-Assessment Questionnaire

Our Virtual Qualified Security Assessor (vQSA) program is a subscription-based service that empowers you to be proactive by enabling you to navigate the PCI process year-round.

PCI COMPLIANCE SERVICES

PCI compliance can be complex and resource-intensive. Info Security Pakistan helps you carry the load with expert QSAs, security engineers, technical writers, and more, delivering world-class, competitively priced PCI compliance services.


This is a particularly valuable service if you have yet to document your risks, vulnerabilities and exposure to threat, or if you would like to seek assurances about the effectiveness of any measures that you have deployed.

PCI Gap Analysis (Pre-Audit Readiness Exercise)

  • Reviews your security processes and controls against the full PCI DSS without the in-depth operational testing required by ROC testing procedures
  • Identifies gaps and creates a remediation plan to allow your organization to concentrate on meeting compliance timelines within budgetary constraints.

PCI Risk Assessment

  • Fulfills Requirement 12.1.2
  • Identifies, analyzes, and documents security risks and vulnerabilities

Level 1 Report on Compliance (ROC)

  • Provides an independent validation of compliance to customers, card brands and acquiring banks.
  • Led by expert QSAs who intimately understand payment card processing models and how the idiosyncrasies of your business impact your compliance.

Attested Self-Assessment Questionnaire (SAQ)

  • Provides a full on-site review of your systems
  • Includes QSA validation and submission of an Attestation of Compliance (AOC)

Assisted Self-Assessment Questionnaire (SAQ)

  • Lends subject matter expertise to help you complete the PCI self-assessment
  • Assists with the completion of an SAQ and the submission of a signed Attestation of Compliance (AOC)

Logging and Log Monitoring

  • Fulfills Requirement 10
  • Provides 24x7x365 network activity oversight, system event inspection, suspicious activity alerts, and incident response

Compliance Training

  • Fulfills Requirement 12.6
  • Provides on-site or online security awareness training

INFO SECURITY PAKISTAN™ Detailed Approach

INFO SECURITY PAKISTAN™ PCI services are multifaceted with a variety of different options, but always begin with asking the client about changes they believe they need to make, and what can be done to make these changes easier. Examples of our key PCI services include:

  • PCI ASV vulnerability assessment: This assessment identifies known network, operating system, web application, and server exploits and vulnerabilities by using automated tools in accordance with the PCI Data Security Standard (DSS). This allows your business to know which vulnerabilities exist, so that you can remediate them.
  • Continual compliance: This service provides year-round guidance so your company can meet the recurring requirements of PCI and improve its compliance programs. This also allows you to monitor your PCI compliance throughout the year and define key milestones to eliminate rework later.
  • PCI readiness assessment: A PCI readiness assessment helps you to determine your readiness for an on-site Report on Compliance (RoC) assessment by identifying key areas of weakness and noncompliance. The project results in steps needed to achieve compliance and to understand how to maintain compliance with evolving security compliance obligations. Our gap assessments involve interviews that are conducted for up to two days to determine your standing in regard to PCI compliance.
  • PCI Report on Compliance (RoC) and SAQ: A PCI RoC is an assessment conducted following the PCI Data Security Standard to determine an organization’s ability to protect cardholder data. Level 1 (6 million transactions per year) merchants are required to submit a PCI RoC completed by a Qualified Security Assessor (QSA) on an annual basis.
  • PCI service provider quarterly review: PCI service providers are required to conduct quarterly reviews to confirm that personnel are following security practices and operational procedures. This service enables providers to establish a process to meet the quarterly requirement. Our Qualified Security Assessors (QSAs) will work with you to confirm that your compliance efforts are supported throughout the organization.

While these services are all available individually, we often find that our clients will utilize multiple services at a given time as a way of exceeding the minimum requirements to be compliant.

INFO SECURITY PAKISTAN PCI Compliance Services

Navigating the requirements to meet PCI compliance can be difficult and daunting with so many different regulations in place. Our dedicated staff is here to help ensure that your business has a plan going forward to achieve and maintain consistent PCI compliance. Contact Info Security Pakistan today to allow us to help you determine which services would be beneficial in achieving compliance.
