
PCI DSS Services

We offer the following PCI DSS services:

  • PCI DSS Advice - our PCI specialists will advise you how to achieve PCI DSS compliance in relation to your particular organisation.
  • PCI DSS Remediation - after defining the scope of your PCI project, our PCI advisors will identify the areas that need remediation in order for your organisation to become PCI compliant.
  • PCI DSS Audit: SRM are a QSA for PCI DSS - our PCI specialists will carry out the audit against the Payment Card Industry Data Security Standard and liaise with your acquiring bank to report your compliance status.
  • Call the PCI Team > 08450 21 21 22

PCI DSS Analysis Stage

Starting your PCI DSS project

SRM's PCI experts can help you start your PCI compliance project by first assessing and analysing your aims and objectives and then developing a project plan in order to achieve compliance with the Data Security Standard.

The PCI DSS is the benchmark that mitigates security risks and protects payment card data from attack. If you store, process or transmit payment card data, the PCI DSS is applicable to your organisation. Once you have achieved compliance with the PCI DSS, it must be maintained in order to ensure that sensitive data is kept safe. Being PCI compliant has many benefits:

  • Your customers' personal information will be better protected;
  • You can promote the fact and enhance the reputation of your organisation because you will be seen to be protecting customer data according to the required standard;
  • Your critical business information will be better protected;
  • You can demonstrate a higher standard of internal governance.

The roadmap to PCI compliance is a commonsense approach to data security, so many of its requirements will come as no surprise. However, as the PCI DSS is specific to payment card data (e.g. credit cards and debit cards), there are some unique points that may require some extra effort to achieve. In order to assess the scope of the requirements, it is necessary to understand exactly what systems and processes are likely to be affected within your organisation.

PCI DSS Roadmap to compliance

Analysing your business/organisational environment will be crucial in helping you to understand and pinpoint what data you have, how it needs to be secured and what action you'll need to take to comply with the PCI DSS. We can help you with this by:

  • Helping you understand the PCI DSS requirements;
  • Identifying whether a full assessment by our Qualified Security Assessors is appropriate;
  • Defining which SAQ is applicable if a full QSA audit is not required;
  • Constructing and auditing an Information Security Policy (ISP);
  • Constructing and helping you implement an incident response plan;
  • Mapping the flow of your payment card data;
  • Analysing your data storage;
  • Carrying out risk assessments;
  • Identifying your PCI DSS compliance gaps;
  • Producing your PCI Remediation Plan.

Contact the PCI Team >

PCI DSS Remediation Stage

When you're part-way through

Once any compliance gaps have been identified, we can work with you to implement your remediation plan. SRM has extensive experience in this field and can help you by:

  • Constructing and auditing an Information Security Policy (ISP)
  • Constructing and auditing an Anti-Virus Policy
  • Vetting your staff
  • Scanning your network and performing penetration testing
  • Testing, auditing and configuring your firewall
  • Intrusion Detection/Prevention Systems
  • Advising you on how to complete the PCI Self-Assessment Questionnaire (SAQ)
  • Liaising with your acquirer

PCI DSS Auditing & Accreditation Stage

When you're ready for audit and accreditation

SRM are fully Qualified Security Assessors for PCI DSS and can conduct a full audit on your PCI compliance project.

Once compliance has been achieved, the journey must continue. SRM's advisors can help you by delivering a comprehensive information security service:

  • Information Security Management Implementation
  • Personnel Vetting
  • Computer Security Incident Response Team (CSIRT)
  • Computer Forensic investigations
  • Business continuity planning

PCI DSS Ongoing Compliance Stage

Staying ahead of the game:

PCI DSS compliance is an ongoing project because technology changes, payment methods change, consumer habits change, as do criminal attempts to acquire customers' data. Change is the only constant: the policies, practices and solutions you have in place today may not be appropriate for tomorrow.

Ongoing compliance means that you have to apply an ISMS (Information Security Management System) to your organisation in order to maintain compliance with the PCI DSS standard. (SRM are fully Qualified Security Assessors for PCI DSS and can conduct a full audit on your PCI project.)
