Getting the balance right

Stages of Compliance to PCI-DSS

URM is a PCI Qualified Security Assessor (QSA) which means that it has been certified by the PCI Security Standards Council (PCI SSC) to assess organisations compliance to PCI DSS.

Apart from its QSA capabilities, URM, through a different team of PCI specialists, is able to assist organisations prepare for compliance. A typical road map is as follows:

Category of compliance

The first main challenge for organisations is to identify what credit cards they process and the volumes of transactions for each card type so they can determine which category of compliance they fall in to.

Scope:

Each organisation must identify the data flows in order to ascertain the environment (logical and physical) in which the card transactions are processed. This then becomes the focus of the PCI DSS compliance work.

Infrastructure review

URM works with its customers to ensure that compliance is facilitated by ensuring that the design of the infrastructure in which card transactions are processed is designed to optimise compliance.

Audit and assessment

Please refer to here.

Remediation

Not only does URM make recommendations to correct any non-compliance, it also provides consultancy to ensure that remediation activities are carried out in an appropriate manner to ensure compliance.

Compliance Maintenance

PCI DSS compliance is an on-going process. URM can provide consultancy services under a maintenance contract to ensure that compliance, once achieved, is maintained to the correct standard.

Benefits of PCI Compliance PCI DSS, through its binding collection of rules, aims to reduce financial fraud through improving the security capabilities of all aspects of an organisation's IT environment that processes payment card information. There are many benefits of PCI DSS compliance including the:

• Protection of customers’ personal data
• Increased customer confidence provided by a higher level of data security
• Increased protection against financial penalties and remediation costs that arise from security breaches
• Safeguarding the organisation’s brand and reputation
• Risk assessment and benchmarking of the security systems that surround the storing, processing and transmission of payment cardholder data.

• Consultancy Introduction
• Information Security (ISO 27001)
  • Information Security (ISO 27001)
  • How to Comply with ISO 27002 or Certify to ISO 27001
  • ISO 27001 Awareness Training
  • ISO 27001 Case Studies
  • ISO 27001 Health Check
• Information Security (PCI DSS)
  • Information Security (PCI DSS)
  • Stages of Compliance to PCI-DSS
• Information Security (DMA DataSeal)
• Business Continuity Management (BS 25999 / ISO 22301)
  • Business Continuity Management (BS 25999 / ISO 22301)
  • Significance of BS 25999 / ISO 22301
  • How to deploy BS 25999 / ISO 22301 - Lifecycle Stages
  • Crisis Management Simulation Exercises
  • New ISO Standard for BCM - ISO 22301
• IT Service Management (ITIL & ISO 20000)
  • IT Service Management (ITIL & ISO 20000)
  • Significance of ITIL & ISO 20000
  • How to deploy ITIL or certify with ISO 20000
• Data Protection
  • Data Protection - Introduction
  • URM's approach to Data Protection
  • BS 10012 - New DPA Standard
• Information Risk Management
  • Information Risk Management
  • URM's approach to Information Risk Management
• Software Asset Management
  • Software Asset Management
  • URM's approach to Software Asset Management
• Polices & Procedures
  • Polices & Procedures
  • URM's approach to Polices & Procedures
• Social Networking