Getting Started
As a response to increased theft of credit card information, the different card brands (MasterCard, Visa, American Express and others) developed a minimum set of requirements for their merchants to follow.
To assist organisations in meeting those requirements, the Payment Card Industry Security Standards Council (PCI SSC) was formed to manage and administer the Payment Card Industry Data Security Standard (PCI DSS) and the supporting standards.
PCI DSS consists of 6 goals spanning twelve major requirements. These requirements apply to every organisation that accepts, processes, stores or transmits credit card information.
The exact requirements for reporting and validation are set by each of the card brands.
What is PCI DSS?
This three-minute video produced in partnership with Macquarie Telecom gives a quick overview of PCI DSS and why it’s important.
Shearwater’s PCI Compliance Solutions
Shearwater can assist in all aspects of compliance. We can perform annual validation audits as required under the standard. We can also assist you in meeting the requirements of PCI DSS by working with you to assess gaps, develop remediation strategies, and provide products and services that meet the standard. Shearwater offers a range of consulting and auditing services for becoming compliant and maintaining compliance with PCI.

Achieve
We will start with a pre-assessment that outlines the simplest and most cost-effective route to compliance. This includes:
- Full Onsite Review
- Scoping Analysis
- Data Flow Analysis
- Gap Analysis
- SAQ Assistance
- Remediation

Maintain
Shearwater has outlined a range of managed services to help you maintain a successful compliance program. Our clients enjoy the peace of mind that they are compliant all year round, not just at audit time. We offer managed services across Firewalls, File Integrity Monitoring (FIM), Anti-Virus (A/V), and Logging. We also offer PCI DSS compliant Penetration Testing and Vulnerability Scanning.

Prove
The methods used to prove compliance differ according to your organisation’s merchant level. Shearwater is a Qualified Security Assessor (QSA) and can perform the on-site validation audit. At the conclusion of a successful audit, we will provide a Report of Compliance (RoC) and an Attestation of Compliance (AoC).
