The Payment Card Industry Data Security Standard (PCI DSS) is a prescriptive standard that organisations accepting, processing, transmitting or storing credit card information must comply with. Unlike many standards where various shades of grey may be acceptable, PCI DSS compliance is black and white. The letter of each requirement must be adhered to, or compensating controls addressing the same rigour and intent as the control must be in place; otherwise the requirement is deemed not in place.
Another challenge with the standard is understanding the validation requirements. Organisations that must follow PCI DSS have to comply with all of its requirements. So even though they may validate through a self-assessment questionnaire (SAQ), or only by performing the quarterly scans, they still have to be compliant with every requirement of the standard.
Shearwater understands the intricacies of PCI DSS, has a proven history in information security, and can help organisations with all aspects of compliance, whether that means the provision, implementation and/or management of products, procedures or policies.
Shearwater provides PCI DSS related consulting services such as:
- Penetration testing, internal and external (Requirement 11.3)
- Internal vulnerability scanning (Requirement 11.2.1)
- External vulnerability scanning (Requirement 11.2.2 ASV scanning, Requirement 6.6)
- Wireless audits (Requirement 11.1)
- Policy/procedure development
- Security management framework development
- Security architecture and design
- PCI scope reduction advice
- Product selection
- Product implementation and management
- Gap analysis