ValueMentor’s PCI Certification programs help customers achieve PCI DSS Compliance and payment security
Merchants and service providers are required to protect the cardholder data of their customers. The PCI Data Security Standard (PCI DSS) is the baseline standard for securing cardholder data. PCI DSS Qualified Security Assessor (QSA) companies are authorized to validate that merchants and service providers comply with it effectively, and merchants have a contractual obligation to comply with PCI DSS requirements.
All organizations handling credit card payments require annual PCI DSS audits of their security controls and processes. The QSA certification and audit process covers areas of data security such as encryption, authentication, data retention, physical security, and data protection. Organizations that fall short of achieving the PCI Compliance Certificate could be liable for fines and penalties.
PCI Project Initiation
- Project Initiation
- Understand the organization
- Identify critical business services
- Identify information infrastructure
CDE Systems & Networks
- Identification of the PCI in-scope systems
- Determination of the networks that fall within the CDE
Cardholder Data Flow
- Determine the systems that store, process or transmit cardholder data
- Identify and validate the cardholder data flow
Network segmentation review
- Review the network segmentation controls used to segment the PCI cardholder network from the corporate network.
PCI Awareness for Stakeholders
PCI awareness and the audit process are communicated to the project stakeholders prior to the PCI Gap Assessment.
Review of PCI Documentation
Review the PCI policies and procedures to identify potential gaps associated with PCI documentation requirements.
Review of CDE Systems
Review the implementation of PCI controls on the PCI CDE systems, including servers, desktops, applications and network devices.
PCI Gap Assessment Reports
- PCI Gap Assessment Report
- PCI Remediation tracker
- General PCI Advisory on PCI gap closures
PCI Policies and Procedures
- Review existing policies
- Recommend new PCI policies
- Recommend new PCI procedures
Control Implementation Reviews
- Review of the controls implemented
- PCI Consultancy on new controls
- PCI segmentation implementation reviews
Facilitate PCI Services
- PCI Risk Assessment
- Track PCI implementation progress
- Periodic updates to the project team
- PCI Security Awareness training
PCI Penetration Tests & ASV Scans
- External ASV scans and penetration testing
- PCI internal vulnerability assessment and penetration testing (VAPT)
- Application penetration testing and source code reviews
- PCI Segmentation tests
PCI Scope Validation
The PCI QSA will revalidate the final scope (the PCI CDE) and identify any changes from the original scope reviewed.
PCI QSA Onsite Audit
Perform the testing procedures, as defined in the Report on Compliance (ROC) template provided by the PCI Council, on the scoped PCI environment.
PCI Report on Compliance
- Collect and archive the evidence
- Document the findings as per the ROC
- Validation of the ROC by a quality assurance (QA) QSA
- Release the ROC for customer review
PCI Certification / Attestation
- Prepare the Attestation of Compliance (AOC) based on the client's confirmation of the ROC
- Signing of the Attestation of Compliance by the involved parties
- Successful completion of the PCI project