PCI Qualified Security Assessor (QSA)

We are a Payment Card Industry (PCI) Qualified Security Assessor (QSA), and we offer specialist consultancy for compulsory PCI DSS compliance.

PCI Data Security Standard (PCI DSS) compliance is mandatory for organisations involved in the storage, processing or transmission of cardholder data. However, it is a complex process and can be a minefield without the right level of knowledge or technical support.

We are qualified to offer specialist consultancy for compulsory PCI DSS compliance. We can also add value by offering in-house technical expertise to further improve network and information security for retail, MOTO, e-commerce organisations and service providers.

What's included in the Sec-1 QSA Solution for PCI DSS?

Our solution combines consultancy aligned to the standard and best-practice, plus technical testing and reporting, and includes the following core elements:

  • Cardholder Data Environment (CDE) Discovery/Mapping - a) Verbally mapped out; b) Verbally and Physically mapped out (Using Cardholder Data (CHD) discovery tools)
  • Segmentation Analysis and Recommendations
  • SAQ Analysis/Countersign
  • Report on Compliance for acquirers, merchants and service providers
  • Plus support elements personalised to your own current context, for example if you are:
  1. New to PCI
  2. Struggling with PCI
  3. Far along the PCI Journey
  4. Maintaining Compliance
  5. Fulfilling Specific Requirements

Whatever stage you are at, we have the knowledge and experience to tailor our solution around your individual needs.

Standalone services or optional add-ons

We can also help with the following standalone or add-on services, depending on your current context and specific requirements:

  • PCI focused penetration test (Requirement 11.3)
  • PCI focused firewall review (Requirement 1.3)
  • Logging/SIEM/FIM solution (Requirement 10)
  • IDS/IPS solution (Requirement 11.4)
  • Creation of (initial) configuration standards (Requirement 2.2)
  • Technical remediation services (Following requirement 11.3)
  • Wireless Scanning IDS solution (Requirement 11.1)
  • Two-factor secure remote access solution (Requirement 8.3)
  • Patching and/or Vulnerability Assessment solution (Requirement 11.2 & 6.1)

Why is the Sec-1 solution better?

The following facts help to position Sec-1 as a leading name in PCI DSS:

  • We are a PCI Qualified Security Assessor (QSA) company
  • We offer vast in-house PCI-specific expertise
  • Our solution is tailored to meet the latest PCI DSS v2.0 compliance standard, whatever stage you are currently at
  • We follow a standard methodology across consultants and penetration testers for quality assurance
  • We are CHECK 'Green Light' & CREST accredited (Infrastructure & Application)

How can I find out more?

You can request a copy of our full standard PCI DSS methodology here.

For PCI DSS advice or to obtain a quote for your requirements, contact us on 01924 284 240 or email info@sec-1.com

Further information:

PCI DSS for global data security

The PCI DSS is a network and information security standard for applicable organisations involved in the storage, processing or transmission of cardholder data. Compliance with the standard is mandatory for all acquirers, merchants and service providers dependent on transaction volume. The PCI DSS requires each entity involved in credit card processing to undergo an annual assessment to validate compliance with the standard.

The PCI DSS is intended to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. This is built upon 12 different requirements consisting of over 220 individual sub-requirements.

History

The PCI Data Security Standard was originally formed by Visa and MasterCard to bring together their individual compliance programs. Three other payment brands, American Express, Discover and JCB, then joined, which led to the formation of the PCI SSC (Payment Card Industry Security Standards Council) as an independent body providing oversight of the development and management of Payment Card Industry Security Standards on a global basis.

More information

Download our latest PCI whitepaper, 'PCI DSS 3.0: A Christmas Carol' (Dec 2014). 

You can access more information and a range of useful resources on the PCI SSC website here. You can also access the PCI DSS v2.0 here.

'Following (our) initial meeting Sec-1 was requested to provide a Penetration Test for the Halcrow Group. The standard of report received has resulted in Sec-1 being the provider of choice for Penetration and Application Testing for the Halcrow Group and are retained for the foreseeable future.'

David Grant
Halcrow Group