PCI DSS Assessment

The PCI Data Security Standard has been mandated by major credit card providers and is intended to protect cardholder data. To achieve PCI DSS compliance, all members, merchants and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard, which offers a single approach to safeguarding sensitive data for all card brands. Failure to comply can mean revocation of processing privileges and/or up to $500,000 in fines per incident.

CompliancePoint's Information Security practice is a Qualified Security Assessor Company certified by the Payment Card Industry Security Standards Council.

 



Our PCI Certification engagement focuses on assessment, remediation, and certification of our client’s information and network security. CompliancePoint’s collaborative approach aligns the organization’s individual business units with their technology needs according to the PCI Security Audit and Reporting Procedures. Outlined below are key activities, deliverables, and milestones for ensuring the organization’s PCI DSS compliance and certification.

Phase 1: PCI DSS Project Definition and Scope

  • Executive view of all 12 core PCI DSS standards necessary for meeting compliance
  • Executive view of CompliancePoint’s PCI DSS offering, approach and deliverables
  • Definition of key personnel and project timeline and milestones

Phase 2: PCI DSS Gap Analysis

  • Review and analysis of current policies, procedures, and initiatives throughout the organization
  • Analysis of debit/credit (i.e., payment) Transaction Environment
  • Identifying and analyzing all significant third-party outsourcers and managed service providers used by the organization
  • Create Gap Analysis report

Phase 3: PCI DSS Remediation, Consultation & Implementation

  • Joint review of the PCI DSS Gap Analysis findings and recommendations
  • Create remediation and implementation project plan   
  • Organizational remediation of identified deficiencies or issues regarding PCI DSS compliance

Phase 4: PCI DSS Assessment and Reporting

  • Assessment of the organization’s PCI DSS compliance
  • Generation of Report on Compliance
  • Issue PCI DSS v2.0 Compliance Certificate
  • Submission of Report on Compliance to applicable card brands and acquirers  

Additional Services:

  • Policy and Procedure development
  • Internal Vulnerability and Penetration testing
  • Quarterly Network Vulnerability Scans by a certified PCI ASV (ControlScan)
  • Technical Remediation and Consulting, CISO On-Demand

PCI DSS Resource Documents

  • PCI Data Security Standard

For more information, contact the Information Security Compliance Practice at CompliancePoint at security@compliancepoint.com or (800) 585-4888.



©2010 PossibleNOW, Inc. All rights reserved.