PCI Assessment, Auditing and Compliance Services
Achieve your compliance goals and build a sustainable program regardless of where you are in the compliance cycle.
Any business that processes, stores, or transmits credit card data is subject to PCI compliance. This program is mandatory and can be very complicated to navigate. Structured has years of experience helping companies navigate complex regulatory and compliance programs.
The PCI-DSS (Payment Card Industry – Data Security Standard) has been in effect since 2006 and all organizations are now required to be compliant. The standard is held in such high regard that an increasing number of US states have codified compliance into law. Failure to comply not only carries financial consequences but potentially legal ones as well.
How can PCI Assessment and Remediation Services help my business?
Structured can help you understand how the PCI-DSS standard applies to your organization by applying some or all of the following services.
- Scope identification of Payment Applications and Cardholder Data Environment
- Compliance can be a costly endeavor if the entire network is considered in-scope. Structured, with decades of network and security engineering expertise, will help minimize the footprint of the Cardholder Data Environment. Securely separating the storage, processing, and transmission of Cardholder Data from the rest of the network will reduce compliance costs and simplify the overall process.
- Gap Assessment
- Through interviews, documentation reviews, and visual assessment, Structured will provide a comprehensive analysis of where your organization currently stands and what steps will need to be taken to achieve compliance. A prioritized approach will be used to help with roadmap planning.
- Cardholder Data Identification
- Structured will use tools to identify if cardholder data exists on workstations or servers. This process can help eliminate systems or entire networks from the scope of PCI compliance.
- Vulnerability Assessment / Penetration Testing
- Structured has made investments in industry-leading vulnerability assessment tools and penetration testing expertise. Quarterly internal scans are required, as is annual internal and external penetration testing.
- Remediation Consulting / Remediation Services
- Structured can help facilitate the remediation of any findings from the previous steps, from policy development and network engineering to the implementation of specific point security products, to get your organization into compliance.
- Full QSA Certified Assessment and Certification
- As a fully qualified QSA, Structured is able to provide audits to Level 1 merchants through Level 4 merchants and all levels of Service Provider. We have provided services to publicly traded Fortune 500 companies and small payment startups. We can provide a Report on Compliance and Attestation of Compliance to your acquiring bank.
- Assisted Self-Assessment
- Small merchants may not need to submit a full Report on Compliance to their acquiring bank, but they will need to submit a Self-Assessment Questionnaire (SAQ) on an annual basis. Structured can help you understand the appropriate SAQ for your organization and how to answer the questions so that you are in full compliance with the PCI-DSS requirements.