Payment Card Industry Data Security Standard (PCI DSS)
The objective of PCI DSS is to facilitate consistent and effective data security measures as well as greater accountability across all organisations which process credit card transactions. The PCI DSS was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International.
All organisations that process credit card transactions must comply with the PCI DSS from June 2007; there is no opt-out. The compliance rulesets vary according to the type of organisation and how many transactions are processed. Non-compliance can lead to a variety of penalties, including fines.
PCI DSS Requirements
The PCI DSS includes 12 high-level requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. These are then broken down into very detailed implementation controls.
URM's Consultancy and Assessment Services
URM is one of the UK's leading information security consultancy and training organisations, assisting customers to comply with and certify to national and international Standards.
URM is a PCI Qualified Security Assessor (QSA), which means that it has been certified by the PCI Security Standards Council (PCI SSC) to assess organisations' compliance with the PCI DSS. URM's PCI assessment services can be found here.
Apart from its assessment capability, URM, through a different team, is able to help organisations prepare for compliance by conducting a gap analysis and assisting with remediation activities.
URM is working with a number of high-profile organisations to help them achieve compliance with the PCI DSS in the most efficient and cost-effective manner. Due to the urgent need to comply with the PCI DSS, these projects are often carried out against extremely tight deadlines.
Due to the relative immaturity of the PCI DSS, there is some divergence of opinion in the market about how to interpret the Standard's 'Requirements'. URM's services are, therefore, focussed on ensuring that its customers are properly positioned for compliance based on the latest information from the PCI Security Standards Council. This will give customers greater confidence that they are following the correct compliance process.
