PCI Compliance
Simple PCI compliance consulting services for businesses of all sizes

If your organization has an online presence, a lack of security services not only opens your business to malicious attack, but also reduces the confidence your customers have in your ability to keep their data safe. And if you accept online credit-card payments, the stakes are exponentially higher. While exposing personally identifiable information is problematic, exposing payment details and credit card information causes a ripple effect that could take years and millions of dollars to rectify and may mean losing your business forever.
Selecting a Qualified Security Assessor
A Qualified Security Assessor (QSA) is a data security firm that is certified by the PCI Security Standards Council to perform on-site security assessments for verification of compliance with the PCI Data Security Standard (PCI DSS). While US IT Services is not a QSA, we can ensure the assessment process goes smoothly by preparing your systems and policies as well as helping you choose a QSA.
We facilitate a successful assessment by:
- Verifying all technical information given by the merchant or service provider
- Using independent judgment to confirm that standards have been met
- Providing support and guidance during the compliance process
- Remaining on site for the duration of the assessment and its validation
- Producing the final report
- Ensuring adherence to the PCI DSS Security Assessment Procedures
- Validating the scope of the assessment
- Selecting systems and system components where sampling is employed
- Evaluating compensating controls
- Reviewing the work product that supports the PCI DSS Requirements and Security Assessment Procedures
Companies that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS can be found here.
Your PCI Compliance Checklist
This standard set of security requirements constitutes the PCI DSS, and compliance with these standards is an ongoing process for merchants. The following checklist details the overarching goals and basic measures your organization needs to achieve or maintain compliance.
| Goals | PCI DSS Requirements |
|---|---|
| Build and Maintain a Secure Network | 1. Use a firewall. 2. Do not use default parameters. |
| Protect Cardholder Data | 3. Protect stored cardholder data. 4. Encrypt transmission of cardholder data. |
| Maintain a Vulnerability Management Program | 5. Use antivirus software. 6. Develop secure systems and applications. |
| Implement Strong Access Control Measures | 7. Restrict access to cardholder data. 8. Assign a unique ID to each person. 9. Restrict physical access to cardholder data. |
| Regularly Monitor and Test Networks | 10. Monitor all access to network and cardholder data. 11. Regularly test security systems and processes. |
| Maintain an Information Security Policy | 12. Maintain a security policy. |
Contact US IT Services today to review the PCI Compliance Checklist with an audit, and learn how to better secure your clients’ data and your organization’s future.
Are you responsible for achieving compliance with additional data security regulations? Read about our other compliance services, or contact us for more information.