Stages of Compliance to PCI-DSS

URM’s recommended approach to organisations complying with PCI DSS is based on the following road map.

Category of compliance

The first main challenge for organisations is to identify what credit cards they process and the volumes of transactions for each card type so they can determine which category of compliance they fall in to.

Scope:

Each organisation must identify the data flows in order to ascertain the environment (logical and physical) in which the card transactions are processed. This then becomes the focus of the PCI DSS compliance work.

Infrastructure review

URM works with its customers to ensure that compliance is facilitated by ensuring that the design of the infrastructure in which card transactions are processed is designed to optimise compliance.

Audit and assessment

URM assists customers to complete a PCI audit assessment of its compliance against the 12 Requirements in the DSS. A detailed report is generated to show where compliance exists and document recommendations where there is non-compliance.

Remediation

Not only does URM make recommendations to correct any non-compliance, it also provides consultancy to ensure that remediation activities are carried out in an appropriate manner to ensure compliance.

Compliance Maintenance

PCI DSS compliance is an on-going process. URM can provide consultancy services under a maintenance contract to ensure that compliance, once achieved, is maintained to the correct standard.

Benefits of PCI Compliance PCI DSS, through its binding collection of rules, aims to reduce financial fraud through improving the security capabilities of all aspects of an organisation's IT environment that processes payment card information. There are many benefits of PCI DSS compliance including the:

• Protection of customers’ personal data
• Increased customer confidence provided by a higher level of data security
• Increased protection against financial penalties and remediation costs that arise from security breaches
• Safeguarding the organisation’s brand and reputation
• Risk assessment and benchmarking of the security systems that surround the storing, processing and transmission of payment cardholder data.

• Consultancy Introduction
• Information Security (ISO 27001)
  • Information Security (ISO 27001)
  • Relationship between ISO 27002 & ISO 27001
  • How to Comply with ISO 27002 or Certify to ISO 27001
  • ISO 27001 Awareness Training
  • ISO 27001 Case Studies
• Information Security (PCI DSS)
  • Information Security (PCI DSS)
  • Stages of Compliance to PCI-DSS
• Information Security (DMA DataSeal)
• Business Continuity Management (BS 25999)
  • Business Continuity Management (BS 25999)
  • Significance of BS 25999
  • How to deploy BS 25999 - Lifecycle Stages
  • Crisis Management Simulation Exercises
  • New ISO Standard for BCM - ISO 22301
• IT Service Management (ITIL & ISO 20000)
  • IT Service Management (ITIL & ISO 20000)
  • Significance of ITIL & ISO 20000
  • How to deploy ITIL or certify with ISO 20000
• Data Protection
  • Data Protection - Introduction
  • URM's approach to Data Protection
  • BS 10012 - New DPA Standard
• Information Risk Management
  • Information Risk Management
  • URM's approach to Information Risk Management
• Software Asset Management
  • Software Asset Management
  • URM's approach to Software Asset Management
• Polices & Procedures
  • Polices & Procedures
  • URM's approach to Polices & Procedures