Organisations storing, processing or transmitting credit card data are required to demonstrate compliance with the Payment Card Industry Data Security Standard (PCI DSS). The aim of PCI DSS compliance is to provide assurance to both customers and payment processors such as Visa, Mastercard, Amex and JCB that adequate IT security controls are in place to reduce the risk of payment card theft and fraud.
Consisting of 12 requirements and 300 controls, the PCI DSS standard is both prescriptive and comprehensive, which can prove overwhelming to small businesses and large enterprises alike.
The steps for demonstrating compliance depend on the number of annual transactions, or the Merchant Level of the business, and vary from self-assessment through to an annual onsite audit by an external assessor.
Whether you are a small business requiring assistance with a Self-Assessment Questionnaire (SAQ), or a large enterprise handling millions of payments requiring support for a remediation programme, we can help.
Our range of PCI DSS Compliance Services, delivered by our team of qualified PCI DSS Security Consultants, can provide advice, reduce complexity, and manage your company's journey to achieving and maintaining compliance.
Cloud is everywhere, and it has people both excited and nervous. It has the potential to provide benefits that it is still too early to realise, both to consumers and to businesses. Reduced hardware cost and software ownership is unquestionably a major attraction for everyone from SMEs through to large corporate enterprises, allowing them to focus on what they do best. It also raises potentially conflicting security concerns, however, where external parties may adopt a different security posture, or manage information differently, than when the data and/or processing resides on-premise. Be that as it may, cloud computing is an unstoppable force, and as security practitioners it is our responsibility to enable the business to take educated risks in order to benefit from what this exciting evolution can offer.
SWIFT has introduced a requirement that mandates an independent assessment for all customers' attestations. This comes into force in 2021.
We provide the following services for SWIFT CSP:
a) SWIFT CSP Audit
Validation of successful alignment of controls with the SWIFT CSP guidelines resulting in a controls report under recognized standards (e.g. ISAE3000).
b) SWIFT CSP Assessment
A detailed assessment of SWIFT CSP controls by leveraging our CSP accelerator.
c) Embedded in Internal Audit
Work alongside our clients' internal audit function to report on SWIFT CSP controls.