Problem

The Payment Card Industry (PCI) Data Security Standard (DSS) is an information compliance standard for the payment card industry that has replaced older, inconsistent standards imposed by various credit card brands. Merchants use credit card information to process transactions, while processors store and manipulate cardholder information. Level-2 through level-4 merchants must complete and submit a “Self Assessment Questionnaire” annually in order to satisfy the requirements of their bank credit card providers.

 

Solution

Busy IT departments must complete the PCI DSS “Self Assessment Questionnaire” in order to avoid harsh fines and penalties. Many IT departments lack the competence and staff to complete the questionnaire with accuracy, precision, and independence.

 

KRAA Security provides an independent review of the controls applied to the IT infrastructure, geared toward companies that are required to complete the PCI DSS “Self Assessment Questionnaire”. Our approach is to help limit the scope of the review and focus only on the systems, networks, and processes associated with cardholder information. We relieve management and the IT staff of the onerous task of interpreting, evaluating, and reporting on PCI DSS compliance while providing independence. We will review the current state of all PCI assets connected to the internal network and perform a vulnerability analysis.

 

The PCI security assessment will produce a comprehensive report that includes an executive overview, findings, and recommendations. We will also complete the PCI “Self Assessment Questionnaire” and deliver it to management in a formal presentation. During the engagement we will collect IT policies and procedures, interview key employees, and randomly test controls to validate compliance with security policies and procedures.
