Payment Card Industry (PCI) Qualified Security Assessor (QSA) Services:
Understanding PCI regulations isn’t an easy task. Information Safeguard can assist your company in achieving PCI compliance. Our seasoned QSA Team understands the Intricacies of PCI Requirements and Possess the IT Security Skill Set to understand your PCI Infrastructure. Our QSA’s have experience assessing a wide range of merchants and service providers ranging from small business to fortune 100 companies.
Information Safeguard can provide the following Services:
- PCI QSA Level 1 Report on Compliance (ROC) Services –A Report on Compliance (ROC) tests the standards that are in place to protect the credit card information.
A PCI ROC is required for all Level 1 Merchants. A Level 1 Merchant is a retailer that has more than 6 million annual transactions with Visa and/or Mastercard.Documents required at different levels:
- Level 1 Merchant – ROC
- Level 2 Merchant – ROC or appropriate SAQ
- Level 3 Merchant – Appropriate SAQ
- A Report on Compliance is a report documenting detailed results from a PCI DSS assessment. A ROC must be completed by a Qualified Security Assessor (QSA) after an audit, and subsequently submitted to the merchant’s acquirer. The acquirer, after accepting the ROC, sends it to the payment brand for verification. Our comprehensive services assess your companies compliance against the latest PCI regulations and provide a ROC and Attestation of Compliance (AOC)
- PCI Self Assessment Questionnaire (SAQ) Services – The SAQ is utilized by a merchant or service provider to show compliance to PCI DSS. Level 2 and 3 merchants or service providers have the option to perform their own self assessment. Different SAQ’s are available depending on the way credit cards are being processed, stored and transmitted. Our QSA Team can assist your company understanding the various types of SAQ’s and assist in completing the SAQ.
- PCI Gap Analysis – Not ready for a PCI assessment. Information Safeguard can assist in defining the scope of your company’s cardholder data environment (CDE), provide a comprehensive Gap Analysis, and provide a detailed report showing areas that need attention.
- PCI Scope Discovery and Reduction Service – Scope reduction is a great way to reduce the cost of maintaining your company’s CDE. Information Safeguard will define and make recommendation to minimize the scope in turn saving your company money.
- PCI Advisory Services – Have questions regarding Scope, Requirements, What Evidence is needed? Our QSA Team can provide on demand advise regarding questions you might have.
PCI Technical Services:
- External and Internal Vulnerability Assessment Services – PCI Requirement 11.2 requires that organizations run internal and external network vulnerability scans at least quarterly and also after any significant change in the network. It’s crucial that vulnerability scans are performed by qualified personnel. Information Safeguard had expertise to perform the assessment and satisfy this requirement
- Penetration Testing – PCI DSS Requirement 11.3 requires that penetration testing be performed yearly and after any ‘significant change’ to the CDE. Information Safeguard has certified penetration testers on staff to assist you with this requirement.