Securely Enabling Your Business

PCI Compliance Solutions
Providing a High-Level Review of Your Company's PCI Obligations

Overview

Any organization that stores, processes or transmits credit card data must comply with the Payment Card Industry Data Security Standard (PCI-DSS). FishNet Security offers a wide range of PCI-related services that help your company achieve its compliance goals and build a sustainable compliance program, regardless of where you are in the compliance cycle.

FishNet Security Payment Card Industry (PCI) Service Offerings:
1. PCI Executive Workshop
2. Pre-Assessment
3. Key Controls Assessment
4. Gap Assessment
5. Self-Assessment Questionnaire
6. Report on Compliance (RoC)

Not sure where to start? Simplify your PCI initiatives with FishNet Security. Contact us today for details: 888.732.9406

Receive customized consulting

1. PCI Executive Workshop

Goal: To provide a high-level understanding of your company's PCI obligations.

Overview: These engagements typically focus on two of three areas: PCI Awareness, Cardholder Data Environment Scope and Key Controls Awareness/Compliance. These areas of focus result in a high-level review and basic understanding of your PCI obligations. While we suggest that the QSA focus on education, scope or a specific item/issue, the QSA is available to support the client's PCI compliance needs for the engagement duration.

Engagement:
▪ Determine Focus
▪ Presentation
▪ PCI Overview
▪ PCI Education

Time Frame:
▪ 1-3 Days Onsite

Deliverables:
▪ PCI Review
▪ PCI Awareness
▪ Data Environment
▪ Compliance
▪ QSA Notes

2. Pre-Assessment

Goal: Review key controls through interviews to provide a high-level understanding of gaps in PCI Compliance.

Overview: Typically combines onsite and remote interviews (tele-conference) with key personnel, including business owners, network and systems engineers, developers, call center staff and security personnel. The onsite portion focuses on conducting interviews, performing walkthroughs of cardholder data processing environments and high-level documentation reviews.

Engagement:
▪ Information Gathering
▪ Interview Key Staff Members
▪ Review Pre-determined Documentation
▪ Review Payment Card Processing Methods
▪ Documentation Review

Time Frame:
▪ 2-4 Weeks Total
▪ 3-5 Days Onsite
▪ 10-25 Days Remote Assessments

Deliverables:
▪ Key Controls Assessment Report, which will:
  ▪ Detail Each Key Control Assessed
  ▪ Detail Confirmed or Suspected Areas of Non-Compliance
  ▪ Provide Recommendations on Compliance and Remediation Strategies

3. Gap Assessment

Goal: Review all controls through interviews, documentation reviews and technical testing to provide a detailed understanding of gaps in PCI Compliance. This understanding is critical when planning remediation projects, particularly for companies working on first-time compliance.

Overview: Focuses on all 12 areas of the PCI Data Security Standard and dives into the detail associated with each individual control. The assessment combines remote and onsite interviews, documentation reviews and walkthroughs of cardholder data processing environments, and examines process flows and all other areas associated with card-data processing and its associated and supporting systems.

Engagement:
▪ Review Policies and Procedures
▪ Interviews With Key Staff Members
▪ Review Data Card Systems
▪ Test PCI Controls

Time Frame:
▪ 4-8 Weeks Total
▪ Minimum 5 Days Onsite
▪ 20 Days Remote Assessment

Deliverables:
▪ Non-Technical Executive Summary
▪ PCI Environment Scope and Discovery
▪ Cardholder Data Environment Scope and Discovery
▪ Action Steps to Mature Compliance Posture

4. Self-Assessment Questionnaire

Two Available Options:

Guidance: FishNet Security can provide SAQ guidance to companies that wish to sign their own SAQ. FishNet Security will base the level of effort on the number of days of assistance required.

Attestation: If FishNet Security will be attesting to (signing) the SAQ, then the following information describes the offering.

Goal: Conduct a PCI Assessment consistent with an SAQ. The engagement will conclude in a completed Self-Assessment Questionnaire and Attestation of Compliance, which can be submitted to the credit card brands and the acquiring bank.

Overview: Focuses on all pertinent areas of the SAQ and dives into the detail associated with each required control. The assessment combines remote and onsite interviews with documentation reviews and walkthroughs of cardholder data processing environments, and examines process flows and all other areas associated with card-data processing and their associated and supporting systems.

Engagement:
▪ Review Policies and Procedures
▪ Interviews With Key Staff Members
▪ Review Data Card Systems
▪ Test PCI Controls

Time Frame:
▪ 4-15 Weeks Total
▪ Minimum 5 Days Onsite
▪ 15 or More Days for Remote Assessment

Deliverables:
▪ Completed Self-Assessment Questionnaire and Attestation of Compliance

Note: If the client is not compliant, then a Key Controls Assessment Report will be provided in lieu of an SAQ.

5. Report on Compliance (RoC)

Goal: Conduct a PCI Assessment and review all controls through interviews, documentation reviews and technical testing. The engagement will conclude in a formal Report on Compliance (RoC), which can be submitted to the credit card brands and the acquiring bank.

Overview: Focuses on all 12 areas of the PCI Data Security Standard and dives into the detail associated with each individual control. The assessment combines remote and onsite interviews with documentation reviews and walkthroughs of cardholder data processing environments, and examines process flows and all other areas associated with card-data processing and their associated and supporting systems.

Engagement:
▪ Review Policies and Procedures
▪ Interviews With Key Staff Members
▪ Review Data Card Systems
▪ Test PCI Controls

Time Frame:
▪ 6-20 Weeks Total
▪ Minimum 5 Days Onsite
▪ 20 Days or More Remote Assessment

Deliverables:
▪ Non-Technical Executive Summary
▪ Business Summary
▪ Cardholder Data Environment Scope
▪ Cardholder Data Flow Diagrams and Narratives
▪ Network Segmentation and Wireless Environment Documentation
▪ Summary of Systems Sampled and Persons Interviewed
▪ Compensating Controls
▪ Controls Finding Detail
▪ Detailed PCI-DSS Testing Results

About FishNet Security

FishNet Security, the No. 1 provider of information security solutions that combine technology, services, support and training, enables clients to manage risk, meet compliance requirements and reduce costs while maximizing security effectiveness and operational efficiency. FishNet Security is committed to information security excellence and has a track record of delivering quality solutions to more than 5,000 clients worldwide.

Learn more about our industry expertise at: www.FishNetSecurity.com

Corporate Headquarters: 6130 Sprint Parkway, Ste. 400, Overland Park, KS 66211 • 888.732.9406
ID#PRC.SL0015 01.16.2013 © 2013 FishNet Security. All rights reserved.