Merchants and Service Providers are required to protect the cardholder data of their customers. PCI DSS is the baseline standard to achieve the security of cardholder data. PCI QSA companies are authorized to validate the compliance of merchants & service providers. Merchants have a contractual obligation to comply with PCI DSS requirements.
ValueMentor has helped more than 150 clients achieve PCI Certification through our PCI QSA programs and thereby meet the PCI Compliance requirements.
PCI Certification Program
PCI GAP Assessment
Assess the current state of your PCI Compliance using the PCI gap assessment methodology.
PCI Risk Assessment
Perform a PCI risk assessment to identify the potential impact on the CDE and cardholder data.
PCI Remediation Support
Our PCI Success Team will help you identify the right solutions that may fast track your remediation process
Our PCI Success team will perform the ASV scans and coordinate with you until passing scans are obtained
PCI Penetration Testing
Our Security analysts will perform required PCI security testing services mandated by the PCI Standard
All your employees receive security awareness training through a cloud portal, helping you improve the human side of security.
Advisory on remediation of technology gaps and implementation of technical controls
PCI Remediation Reviews
PCI Certification & QSA Audit
Start a PCI Certification Project
1. Define PCI Certification Scope
The initial phase of a PCI DSS QSA engagement is to define the scope of PCI certification / attestation.
PCI Project Initiation
- Project Initiation
- Understand the organization
- Identify critical business services
- Identify information infrastructure
CDE Systems & Networks
- Identification of the PCI in-scope systems
- Determining the networks that come under the CDE
Cardholder Data Flow
- Determine the systems which store, process or transmit cardholder data
- Identify and validate the cardholder dataflow
Network segmentation review
- Review the network segmentation controls used to segment the PCI cardholder network from the corporate network.
2. PCI Gap Analysis / Initial PCI Audit
This second phase of the project is to identify the gaps in control implementation. A PCI QSA reviews the control implementation using the PCI ROC testing procedures.
PCI Awareness for Stakeholders
PCI awareness and the audit process are communicated to the project stakeholders prior to the PCI Gap Assessment.
Review of PCI Documentation
Review the PCI policies and procedures to identify potential gaps associated with PCI documentation requirements.
Review of CDE Systems
Review the PCI Controls implementation on the PCI CDE systems including servers, desktops, applications & network devices
PCI Gap Assessment Reports
- PCI Gap Assessment Report
- PCI Remediation tracker
- General PCI Advisory on PCI gap closures
3. PCI Consulting / Remediation Support
Our PCI Customer Success team works with the customers in providing specific advisory support during the PCI remediation phase. Our PCI Consultants have experience in helping companies in Banking, Insurance, eCommerce, Payment Gateways, Travel companies, Fintech, National and regional payment switches to achieve PCI compliance.
PCI Policies and Procedures
- Review existing policies
- Recommend new PCI policies
- Recommend new PCI procedures
Control Implementation Reviews
- Review of the controls implemented
- PCI Consultancy on new controls
- PCI segmentation implementation reviews
Facilitate PCI Services
- PCI Risk Assessment
- Track PCI implementation progress
- Periodic updates to the project team
- PCI Security Awareness trainings
PCI Penetration Tests & ASV Scans
- External ASV Scans & Pen testing
- PCI Internal VAPT
- Application PT & Source code reviews
- PCI Segmentation tests
4. PCI DSS QSA Audit
On successful PCI gap closures, customers can engage ValueMentor PCI QSA auditors for final PCI QSA Audit.
PCI Scope Validation
The PCI QSA will revalidate the final scope (PCI CDE) and identify the changes from the original scope reviewed.
PCI QSA Onsite Audit
Perform the testing procedures as defined in the ROC template provided by PCI Council on the scoped PCI environment
PCI Report Compliance
- Collect and archive the evidence
- Document the findings as per the ROC
- Validation of the ROC by a QA QSA
- Release the ROC for customer review
PCI Certification / Attestation
- Prepare the Attestation of Compliance (AOC) based on client confirmation of ROC
- Attestation of Compliance by parties
- Successfully complete the PCI project.