PCI Gap Analysis
InteliSecure’s PCI DSS Gap Analysis is for organizations that want to measure current corporate information security practices against the PCI DSS. This service is relevant to organizations that accept or process credit card transactions and want to gauge current information security controls and practices against the standard.
The Gap Analysis is often the first step of a PCI DSS project and provides a roadmap for compliance. This service will typically involve several days onsite for InteliSecure to meet with the managers who are in charge of the PCI DSS program; key staff involved in network administration and cardholder systems; and the individuals responsible for company procedures and policies.
After each Gap Analysis, InteliSecure delivers a detailed report outlining the following information:
- High-level review of the cardholder data environment
- Identification of all current cardholder data processes and storage locations
- Identification of areas where the client is fully compliant
- Identification of areas where no solutions, processes or policies exist
- Recommendations for next steps
- Completed Self-Assessment Questionnaire (SAQ)
- Completed prioritized approach document
PCI Self-Assessment Questionnaires
InteliSecure assists customers across all merchant levels with completing their PCI DSS SAQ documents. Typically combined with a PCI DSS Gap Analysis, InteliSecure experts help customers quickly accomplish the following:
The PCI DSS SAQ is a validation tool intended to assist merchants and service providers in self-evaluating their compliance with the PCI DSS. There are multiple versions of the PCI DSS SAQ to meet various scenarios. The PCI DSS SAQ is for merchants and service providers who are not required to submit an on-site data security assessment report on compliance (ROC) per the PCI DSS requirements and security assessment procedures. However, an on-site data security assessment ROC may be required by your acquirer or payment brand.
PCI Approved Scanning Vendor (ASV) Services
PCI DSS compliance is about more than just understanding what information security solutions the PCI Council requires an organization to have deployed. It is also about understanding how to align overall security and compliance strategies with these standards. Through strategic partnerships, InteliSecure provides high-value Payment Card Industry Approved Scanning Vendor (PCI ASV) services, giving organizations confidence when assessing and protecting their cardholder environments.
The PCI DSS security standard requires organizations to undertake quarterly vulnerability assessments of internal and external resources. Additionally, organizations are charged with ensuring that their wireless networks are secure by completing wireless vulnerability assessments. Furthermore, PCI DSS requires organizations to perform annual external and internal penetration tests that assess the network, operating system and applications that are part of the cardholder’s environment.
InteliSecure offers the following PCI DSS Technical Security Assessments:
- Quarterly Vulnerability Assessment
- Annual Penetration Testing
- Wireless Vulnerability Assessment
- Web Application Vulnerability Assessment