When facing the need to comply with PCI-DSS, it is necessary to study how each of its requirements affects the company. A2SECURE offers an analysis service of the organization that identifies the points where credit card information is transmitted, processed or stored. The risks and the level of adaptation to the standard are then evaluated, and guidelines for compliance are provided.
Finally, the SAQ verifying the status of compliance with PCI-DSS is completed.
This service is developed through a 3-phase project that is detailed below:
“A2SECURE has made the work of auditing our network much easier. A2 team takes care of this nightmare.”
Azucarera Ebro IT Systems Director
Before initiating a comprehensive study of how each of the PCI-DSS requirements impacts an organization, it is necessary to analyze the scope of the standard as a whole. The goal is to obtain as detailed an overview of the work setting as possible, and to use it as a basis for reducing the impact of the standard on the organization.
Once the structure and processes of the company are known, as well as the context of its credit card data, A2SECURE performs the local evaluation of the scope and of the applicable PCI DSS requirements, point by point. Through this analysis, the areas of compliance, non-compliance, partial compliance and non-applicability are identified. All evidence and observations collected in this phase are included in the PCI DSS compliance report.
At the end of the project, the client’s SAQ is completed in order to demonstrate its compliance, or level of compliance, with PCI-DSS to third parties.
As a QSA company and through our experience, we can help you to adapt PCI-DSS as much as possible to your business processes, not the other way around.
It is important to understand the standard and what it intends, in order to align the requirements with the particularities of your organization.
If you want to know more about our service, do not hesitate to contact us.