PCI-DSS COMPLIANCE

DSSManager is composed of 3 tiers of service, delivered and managed on a proprietary platform owned and developed by INTEGRITY. The base services will assist the PCI compliance process in any Organisation and the continued services will allow the PCI compliant organisation to maintain the compliant status. The opcional services will address the specific reality of each PCI compliant company needs.

Base Services include:

• Compliance Portal Access - customised compliance Portal, in order to monitor compliance at any time;
• SAQ Assistance - assistance with Self Assessment procedures and reporting (SAQ);
• Risk Assessment - promote a risk based approach to PCI compliance;
• Gap Assessment - identify and prioritise actions and control implementations.

Continued Services include:

• Cyber Risk Assessment Reports - generate and deliver a monthly report assessing your cybersecurity and PCI-DSS compliance posture;
• Security Advisor Reviews - regular compliance reviews with your team and one of our expert security advisors for continuous improvement;
• Compliance Updates & Changes - alerts on any updates or changes regarding PCI-DSS, also the Portal will reflect the changes;
• Continuous pentesting - regular pentesting of all assets in scope;
• Continuous ASV Scan (for Organisations required - provided by a Third Party);
• Vulnerability Scan (when ASV not required or to cover additional assets);
• KEEP-IT-SECURE-24 Integration / Network Penetration Testing.

Optional Services include:

• Attestation of Compliance (AOC) certificate;
• Onsite security assessments and full report on PCI compliance (ROC);
• Employee Education & Cybersecurity Awareness Training services;
• And a vast list of additional on demand or continuous consulting services related to PCI-DSS compliance maintenance.

Our QSA team will provide PCI guidance, through a risk-based approach, where:

• Compliance report, aligned with PCI requirements;
• All compliance goals will be validated;
• Client’s team will be supported in the definition of the scope and limit of cardholder data;
• Client will be provided with a workbook with a PCI-DSS Priority Approach, and also a timetable for achieving that compliance.

Report made of more than 200 requirements resulting from the face-to-face work developed out in the field, such as inspection of evidence, and interviews made by an INTEGRITY QSA. The assigned QSA element will be responsible for conducting the assessment and will guide the client through this process.

The PCI-DSS assessment carried out includes:

• Detailed analysis of the organisation's cardholder data environment;
• As well as a detailed description of the client's compliance with PCI-DSS.

If corrections are required to achieve or maintain PCI compliance, INTEGRITY QSA elements may:

• Determine the main cause of non-compliance;
• Identify potential solutions to achieve compliance;
• Propose a project plan and remediation schedule to achieve it.

The team will remain available to review the progress, while the client performs remediation activities, to ensure the efforts are made in the correct way to achieve compliance.

Our team is made of professionals with extensive and in-depth experience in data protection, to attend and support clients in all they might need to keep their cardholder data processed, transmitted, or stored by the customer, protected.

The client will be provided with not only a report but with a deep understanding of their business to take the next step.

We are able to provide the required quarterly external vulnerability scan through a trusted business partner, an Approved Scanning Vendor (ASV).