PCI Compliance Services

SCIGON Exclusives

TARGETED SOLUTIONS
SCIGON Solutions tailors its PCI Compliance solutions around your specific environment and goals. Whether you just need guidance on PCI obligations and a compliance report or a more comprehensive assessment and remediation actions, we can fit the solution to your needs.

PROVEN APPROACHES
We give you a complete picture of your company’s compliance with PCI requirements through an effective combination of assessments, reports and expert guidance.

EFFECTIVE REMEDIATION
We offer risk remediation as an integral component of processes centered on ensuring not only awareness of PCI compliance gaps, but also access to experts who can address problems. Equipping client teams with these tools ensures continuous compliance. SCIGON can work hand-in-hand with your internal teams to identify gaps and close them in a cost-effective, efficient manner.

SCIGON leverages proven methodologies and tools, paired with our expertise and a comprehensive approach to PCI compliance assessments to ensure a complete picture of your PCI posture.

All organizations that process, transmit or store credit card data must implement measures to comply with the Payment Card Industry Data Security Standard (PCI-DSS). SCIGON Solutions offers a wide range of PCI-focused services that help your company achieve its compliance goals and build a sustainable program regardless of where you are in the compliance cycle.

SCIGON Solutions offers a comprehensive set of Payment Card Industry (PCI) Service Offerings to meet our clients’ unique needs. For example, PCI compliance training offers stakeholders a high-level understanding of your company’s PCI obligations. Our Pre-Assessment Service gives you a snapshot of data processing environments and business practices with suspected areas of non-compliance and remediation strategies.

SCIGON’s Gap Assessment uses interviews with staff members, policy reviews, PCI control testing, and assessment of data card systems to provide an executive summary, PCI and cardholder data environment details, and actionable next steps to advance your company’s compliance posture.

Our Self-Assessment Questionnaire explores details for each required control and process flow, and all other areas associated with card-data processing and associated systems before delivery of an Attestation of Compliance or a Key Controls Assessment Report.

Our Compliance Report provides a detailed overview of your PCI compliance posture, including an accurate view of your cardholder data environment, data flow, network environment, compensating controls, and a full systems summary.

© 2014 SCIGON Solutions, Inc.

PCI SOLUTIONS: ENSURE COMPLIANCE

Get Results

CERTIFIED EXPERTS
SCIGON Solutions uses experts certified by all major card brands. Our security compliance professionals ensure alignment between customers and critical regulatory requirements.

COMPREHENSIVE COVERAGE
Our assessments focus on all 12 areas of the PCI Data Security Standard and dive into the details associated with each individual control. We combine remote and on-site interviews with documentation reviews and walkthroughs of cardholder data processing environments, and examine process flows and all other areas associated with card-data processing and their associated and supporting systems.

EXPERIENCE
SCIGON Solutions provides cost-effective recommendations and plans to strengthen your overall security posture. Targeted assessments combine the strengths of services tailored around your goals with experience-based recommendations that ensure effective results.

JUDGEMENT
We understand how business goals drive security needs. SCIGON Solutions provides risk-based recommendations through a deep understanding of both business and technical implications of security threats.

Case Study

Industry: Hospitality and Entertainment

Client’s Profile: One of the largest hotel chains globally with more than 4,000 hotels and resorts in 90+ countries.

The Challenge
The customer was facing several regulatory requirements involving important changes in its internal processes and technology. One of these requirements was from the Payment Card Industry (PCI). The implications of such requirements, as well as the required efforts to move forward to a compliance process, were unclear from an information security perspective.

The PCI Data Security Standard (DSS) is a set of specific security requirements for all companies that process, transmit or store payment card information. This security standard is intended to help organizations protect customer account data and reflects most best practices for securing sensitive information.

The Solution
Since the customer lacked a clear understanding of the implications of PCI requirements, and given that its compliance project was in its initial stage, our approach for this mandate centered on performing a PCI DSS Data Discovery and a PCI Gap Assessment in relation to PCI DSS requirements.

For the PCI DSS Data Discovery
• We started by performing a business process analysis in order to identify payment options as well as cardholder information to be protected
• We analyzed and documented business functions that accept credit card payments, including those involved in storing, processing or transmitting payment card data
• We identified and documented the technologies used to store and process credit card data
• We identified and documented the IT infrastructure that processes and transmits credit card data
• We provided a detailed data flow report with a credit card holder data register

For the PCI Gap Assessment
• We evaluated the customer’s current security controls in comparison with specific requirements established in the PCI DSS
• During this evaluation, we considered human, technical and administrative aspects
• We performed a comprehensive review of all information security documentation available
• Our network design team contributed to a technical review of critical IT infrastructure elements, with a focus on network architecture
• As a result of this process, we produced a detailed report showing all gaps between existing security controls and PCI DSS requirements
• Finally, we provided the customer with a list of recommendations and a proposed action plan in order to correct identified gaps

About SCIGON Solutions
SCIGON Solutions’ track record in providing information security solutions stems from our combining capabilities in key areas of technology, enterprise services, support and training. Blending experience with these capabilities enables our clients to better manage risk, meet compliance requirements and reduce costs, while maximizing security effectiveness and operational efficiency.

SCIGON Solutions is committed to information security excellence and offers these services to public sector and private organizations across the United States. We number several Fortune 100 companies among our clients, and are an IBM Advanced Business Partner. SCIGON Solutions understands “Mission-Critical” in security.

Contact us for Details on Security Services

SECURITY SERVICES
• Security Assessment
• Security & Network Integration
• Governance Risk & Compliance
• Enterprise Architecture
• PCI Compliance

SCIGON Solutions
420 Lake Cook Rd, Suite 104
Deerfield, IL 60015
877.554.5678 ph
847.739.3139 fax
www.scigonsolutions.com