Payment Card Industry – Data Security Standard (PCI-DSS) Implementation

PCI DSS Consulting Overview

We provide PCI DSS consulting and implementation support. This includes gap analysis, technical and procedural risk assessment, vulnerability assessment, detail recommendations, policy/documentation support, gap implementation monitoring, training, coaching security managers/technical teams, and internal audit leading to zero defect certification.

What is the approach for successful certification?

There are primarily four phases, and in each phase there can be several sub-phases:

Phase I – Determination of Scope /network segment

Phase II – Performing a gap analysis against existing controls. The activity results  in determination of gaps and recommendations

Phase III – Implementation/measurement journey through definition of policy/procedure/documentation on one hand and the implementation of the gaps on the other;

Phase III – Internal Audit is the process of verifying successful implementation, on one hand, and the inclusion of security principle in business lifecycle on the other.

Phase IV – Certification. Total duration of each milestone can vary depending upon the complexity of the organisation.   Talk or write to us at to know how we can take you through a successful journey.

PCI – High Level Overview

Build and Maintain a Secure Network

1: Install and maintain a firewall configuration to protect cardholder data

2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder data

3: Protect stored cardholder data

4: Encrypt transmission of cardholder data across open, public networks

Maintain a vulnerability management program

5: Use and regularly update anti-virus software

6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures

7: Restrict access to cardholder data by business need-to-know

8: Assign a unique ID to each person with computer access

9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks

10: Track and monitor all access to network resources and cardholder data

11: Regularly test security systems and processes

Maintain an Information Security Policy 12: Maintain a policy that addresses information security

Contact Us Now !