PCI DSS Compliance
DIGIGUARD can prepare your business for Payment Card Industry Data Security Standard (PCI DSS) auditing and provide full support during the compliance process. Our team guides your SMB with information and documentation to meet the necessary standards. Being compliant signals to your customers that your business transactions are safe. The cost of non-compliance and breaches can be severe and include fines, lawsuits, loss of card processing privileges, and loss of business and reputation. Our compliance services can include:
- Verifying PCI DSS compliance standards and regulations
- Validating and testing controls
- Preparing questionnaires and reports
- Verifying vulnerability scan results
- Submitting documentation
- Certifying audit report
- Resolving issues and questions from auditing personnel
Self-Assessment Questionnaire (SAQ) Advisory
The Self-Assessment Questionnaire is a set of documents that merchants are required to complete every year and submit to their transaction bank. There are several SAQs available and DIGIGUARD will help you determine the correct ones to prepare based on payment channels and transaction volume. The SAQ provides additional information to our consultants regarding compliance as well as your policies, procedures and goals. Your SAQ serves as an initial gap analysis of your organization's compliance readiness. Our experts will help you understand and evaluate the implications and responses to the results of the SAQ to achieve your compliance goals.
Pre-Audit Readiness Assessment
Before scheduling an official PCI DSS audit, it’s important to conduct a readiness assessment, or pre-audit. It’s designed to uncover and remediate any areas of weakness and will provide guidance to ensure compliance before an audit. Businesses new to PCI DSS or those navigating new processes will benefit from a readiness assessment prior to an audit. DIGIGUARD security experts will help you verify that you’ve correctly interpreted the PCI DSS rules. A readiness assessment can also uncover cost-effective ways to manage your security. Assessments are conducted both on- and off-site. Our consultants will review these areas during the readiness assessment:
- Data handling – Where cardholder data is stored, processed, handled or transmitted, including third-party sites, and locating data in unauthorized areas such as spreadsheets and emails
- Define scope – Identify which systems are subject to DSS rules to guide actions and save time and money
- Scanning – Targets, ports, versions, vulnerability and application scanning
- Testing – Manual and automated penetration tests
- Policy – Review existing policies and procedures
Gap Analysis and Compliance Remediation
DIGIGUARD will perform a gap analysis and prioritize any non-compliance items discovered during the assessment. We will create a strategy and implement efficient and effective ways to help your business pass the audit and achieve compliance for PCI DSS. Here’s what we will do:
- Document the assessment findings with a readiness report
- Create a detailed list of remediation projects with technology requirements
- Create a remediation phase project plan with benchmarks and timelines
PCI DSS Audit Certification
DIGIGUARD is with you throughout your PCI DSS compliance project and performs your in-house compliance work to prepare for your audit. We can coordinate referrals to PCI-qualified independent auditors, or use your qualifying auditor. We offer support during the final audit for any additional documentation questions.
Compliance Monitoring
Compliance regulations may require annual audits of your security systems and procedures to retain your validation. DIGIGUARD provides third-party consultation and assessments to maintain compliance. Our team of consultants can provide ongoing compliance services, including:
- Annual audit preparation
- Regular network security monitoring service
- Assessments for specific network components
- Forensics and log monitoring for incident investigation
- Regular vulnerability scanning
- Review of encryption, access and security management
- Streamlining processes with industry expert knowledge
- Guidance for new systems and evolving regulatory challenges
- Improved ROI and outcomes of technology investments with expert product knowledge
Contact DIGIGUARD today for information on PCI DSS compliance services.