PCI DSS Services

Achieving PCI DSS compliance can be a challenge for any organisation, whether large, small, local or national.

Even when you know you need to comply, working out how the PCI DSS applies to your organisation, and what is in scope and what is not, can delay a project before it has even begun. And once gaps in compliance have been identified, understanding and selecting technical solutions that actually satisfy the requirements can be a minefield.

If any of this sounds familiar, our advisors can help. If the gap analysis is more confusing than clarifying, if the remediation is more convoluted than constructive, or if preparing for the audit is an unknown quantity, they will mentor your team through the analysis and remediation process and guide you to compliance.

By transferring their knowledge and expertise to your team, they will enable you to decide what is in and out of scope, choose the most appropriate remediation strategy and technical solutions, and prepare for the audit.

Our PCI advice is available as a complete set, or as individual services depending on where you are in the process and what you need.

Our PCI DSS service includes:
  • PCI DSS Scoping & Gap Analysis > our PCI advisors will enable you to understand how the PCI DSS applies to your organisation and business model, and identify the gaps you need to close in order to achieve compliance.
  • PCI DSS Remediation > having identified the gaps, our PCI advisors will enable you to create an appropriate remediation plan and implement the technical solutions that close those gaps in a way that satisfies the standard.
  • PCI DSS Audit: SRM are a QSA for PCI DSS > with remediation complete, our PCI advisors can prepare you for the PCI audit. As Qualified Security Assessors, we can also conduct the audit for you and liaise with your acquiring bank to report your compliance status.

PCI DSS - The Compliance Process

Where are you in the PCI DSS process?

  • PCI DSS Analysis stage
  • PCI DSS Remediation stage
  • PCI DSS Auditing & Accreditation stage
  • PCI DSS Ongoing compliance stage

Not sure what PCI DSS is all about? >

PCI DSS - Analysis

Starting your PCI DSS project

SRM's PCI advisors can help you start your PCI compliance project by clarifying your aims and objectives and then developing a project plan to achieve compliance with the PCI DSS.

The PCI DSS is the standard the payment card brands require in order to reduce security risk and protect cardholder data from attack. If you store, process or transmit payment card data, the PCI DSS applies to your organisation. Compliance is not a one-off: once achieved, it must be maintained so that cardholder data stays protected.

Being PCI compliant has many benefits:
  • Your customers' personal information will be better protected;
  • You can promote the fact and enhance your organisation's reputation, because you will be seen to protect customer data to the required standard;
  • Your critical business information will be better protected;
  • You can demonstrate a higher standard of internal governance.

The roadmap to PCI compliance is a common-sense approach to data security, so many of its requirements will come as no surprise. However, because the PCI DSS is specific to payment card data (credit and debit cards), it has some unique requirements that may take extra effort to meet. To assess the scope of those requirements, you need to understand exactly which systems and processes in your organisation are likely to be affected.

PCI DSS Roadmap to compliance

Analysing your business/organisational environment will be crucial in helping you to understand and pinpoint what data you have, how it needs to be secured and what action you'll need to take to comply with the PCI DSS. We can help you with this by:

  • Helping you understand the PCI DSS requirements;
  • Identifying whether a full assessment by our PCI Qualified Security Assessors is appropriate;
  • Defining which PCI Self-Assessment Questionnaire (SAQ) applies if a full QSA audit is not required;
  • Constructing and auditing a PCI Information Security Policy (ISP);
  • Constructing and helping you implement a PCI incident response plan;
  • Mapping the flow of your payment card data;
  • Analysing your data storage;
  • Carrying out PCI risk assessments;
  • Identifying your PCI DSS compliance gaps;
  • Producing your PCI Remediation Plan.
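Mapping card-data flows and analysing data storage both start with discovering where primary account numbers (PANs) actually sit, which is what defines scope. The following script is an added example of that discovery step and is not SRM tooling or part of the original page: it finds candidate card numbers in text, rejects false positives with the Luhn check and a coarse issuer-prefix (IIN) table that is an assumption of the example, and reports only masked values, because a discovery tool that writes full PANs to its own output would itself create new card data storage. The sample log lines are constructed; the card numbers in them are the public Luhn-valid test numbers, not real accounts.

```python
"""PAN discovery helper for PCI DSS scoping (added example, not SRM tooling).

Finds candidate card numbers, validates them with the Luhn check, filters on
a coarse issuer-prefix table and reports masked values only, never the PAN.
"""
import re
from typing import Dict, List

# Candidate PAN: 13 to 19 digits, optionally separated by spaces or hyphens,
# not adjacent to further digits.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def _plausible_iin(digits: str) -> bool:
    """Coarse issuer prefix / length check used to cut false positives.
    This table is an assumption of the example (Visa 4; Mastercard 51-55 and
    2221-2720; American Express 34/37); extend it for the brands you accept."""
    if digits.startswith("4"):
        return len(digits) in (13, 16, 19)
    if 51 <= int(digits[:2]) <= 55 or 2221 <= int(digits[:4]) <= 2720:
        return len(digits) == 16
    if digits[:2] in ("34", "37"):
        return len(digits) == 15
    return False


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check: double every second digit from the right,
    subtract 9 from any product above 9, and require a total divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep first six and last four digits only; everything between is masked."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> List[Dict[str, object]]:
    """Return one masked finding per Luhn-valid, IIN-plausible candidate."""
    findings: List[Dict[str, object]] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in _CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group(0))
            if _plausible_iin(digits) and luhn_valid(digits):
                findings.append(
                    {"line": line_no, "masked": mask_pan(digits), "length": len(digits)}
                )
    return findings


# Constructed sample: an application log that should never contain PANs but does.
# Line 4 is a 16-digit order reference (fails both checks); line 5 is a PAN with
# a wrong check digit (fails Luhn). The rest are the public test numbers.
SAMPLE_LOG = """\
2024-03-01 10:02:11 order=A1001 card=4111 1111 1111 1111 amount=19.99
2024-03-01 10:02:12 order=A1002 card=5555555555554444 amount=120.00
2024-03-01 10:02:13 order=A1003 card=378282246310005 amount=42.50
2024-03-01 10:02:14 order=A1004 ref=1234567890123456 amount=7.00
2024-03-01 10:02:15 order=A1005 card=4111111111111112 amount=3.10
"""


def scan_sample() -> List[Dict[str, object]]:
    """Run the discovery over the constructed sample log."""
    return find_pans(SAMPLE_LOG)


if __name__ == "__main__":
    for finding in scan_sample():
        print(f"line {finding['line']}: {finding['masked']} ({finding['length']} digits)")
```

Two caveats a practitioner should carry into a real scoping exercise: the candidate regex will fuse a PAN with an immediately adjacent number (for example a PAN followed by a space and a two-digit field), so run it over structured exports field by field where you can; and a Luhn-valid hit in a log, backup or spreadsheet is a scoping finding, not a compliance finding, until you have confirmed whether the data should be there at all.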

Contact the PCI Team >

PCI DSS - Remediation Services

When you're part-way through

Once our PCI advisors have identified any compliance gaps, we can work with you to implement your PCI Remediation Plan. Our PCI advisors can help by:

  • Advising how to complete the PCI Self-Assessment Questionnaire (SAQ)
  • Constructing and auditing a PCI Information Security Policy (ISP)
  • Constructing and auditing an Anti-Virus Policy
  • Vetting your staff so that you meet PCI DSS requirement 12.7
  • Scanning your network and performing PCI penetration testing
  • Testing, auditing and configuring your firewall
  • Deploying and tuning Intrusion Detection/Prevention Systems
  • Liaising with your acquirer

PCI DSS - Audit & Accreditation

SRM are fully Qualified Security Assessors for PCI DSS and can conduct a full audit of your PCI compliance project.

Once compliance has been achieved, the journey continues. SRM's PCI advisors can help you by delivering a comprehensive information security service:

  • Information Security Management Implementation
  • Personnel Vetting
  • Computer Security Incident Response Team (CSIRT)
  • Computer Forensic investigations
  • Business continuity planning

PCI DSS - Ongoing Compliance

Staying ahead of the game:

PCI DSS compliance is an ongoing project. Technology, payment methods and consumer habits change, and so do criminals' attempts to acquire customer data; change is the only constant, and the policies, practices and solutions you have in place today may not be appropriate tomorrow.

Ongoing compliance means applying an Information Security Management System (ISMS) across your organisation in order to maintain compliance with the PCI DSS.
