PCI DSS (Payment Card Industry Data Security Standard) is an international payment system security standard (American Express, Discover Financial Services, JCB International, MasterCard and Visa). It offers a framework for adequate protection of credit card data. All organizations that process, store or transmit credit card data must comply with the requirements of the PCI DSS and have to perform annual QSA audits, SAQ self-assessments, or quarterly ASV vulnerability scanning. The required verification depends on the annual number of processed credit card transactions and is mandatory for merchants, financial institutions (issuer, acquirer) as well as credit card processing centres.
SIQ Ljubljana can help you throughout the process of establishing and maintaining compliance with the PCI DSS. We offer the following services:
Gap analysis is used to identify deviations from the PCI DSS requirements. Our experienced and accredited auditors help the organization to identify all areas of non-compliance and offer recommendations to help meet the requirements. The outcome of the gap analysis is also the determination of scope of the infrastructure that is subject to the PCI DSS requirements, which is the required information for the self-assessment (SAQ).
Self-Assessment (SAQ) Assistance
Our experienced and accredited professionals can assist the organization in completing the self-assessment questionnaire (SAQ). They can also offer recommendations to help meet the requirements for PCI DSS compliance.
The audit is carried out by our accredited QSA professionals (Qualified Security Assessors) with years of experience in the field of information security (CISA, CISM). The audit includes a thorough review of the infrastructure that is subject to the PCI DSS requirements and concludes with a Report on Compliance (RoC).
Vulnerability scanning is performed by our accredited ASV professionals (Approved Scanning Vendors) with years of experience in the field of security assessments (EC CEH, GCIH and GPEN). This comprises the vulnerability scanning of all publicly available systems that are part of or provide a path to the credit card data environment. The result is an Attestation of Conformity (AoC) with a detailed report on identified vulnerabilities, classified according to the CVSS score.