PCI/PA-DSS Compliance Services

NetSPI’s PCI Compliance Assessment allows organizations to evaluate their state-in-time compliance against the PCI Data Security Standard. Our detailed assessments provide the following components:

• Gap Analysis – evaluate current environment and controls against the most current PCI Data Security Standard
• Risk Prioritization – risk-based prioritization of non-compliant areas allows customers to address areas of highest risk
• Remediation Strategy – detailed recommendations to remediate areas of non-compliance using a vendor-agnostic approach (NetSPI does not sell product)
• SAQ – completed Self-Assessment Questionnaire

NetSPI’s PCI pre-audit assessment allows first-time Level 1 merchants and service providers to identify gaps in compliance against the PCI Data Security Standard. Many organizations indicate they are compliant with the standards. However, organizations not having endured a Report on Compliance audit do not fully comprehend the level of detail required for successful validation. Our process assists organizations in preparing for the Report on Compliance.

NetSPI’s PCI validation services provide merchants and service providers with annual onsite validation of the PCI Data Security Standard. As a QSA firm, NetSPI is certified to provide this independent validation. Our QSAs are experienced security professionals who understand your industry. Through this experience, our QSAs can recommend solutions, including compensating controls. Unlike other QSA organizations, NetSPI does not sell product, and our customers can rest assured that we are product-agnostic.

NetSPI’s program management services work with organizations to develop PCI programs. Often, organizations scramble near the time of audit to ensure that all controls are in place. But a requirement of PCI is to be compliant at all times, not at just the time of audit. NetSPI works with organizations to operationalize PCI, that is, to integrate PCI in the daily workflow of technology and security. By integrating PCI into their daily processes, organizations are better prepared for the audit and do not have to scramble to get technology or process implemented. Ultimately, this integration results in lower costs, more efficiency, and greater security.

As an Approved Scanning Vendor (ASV) qualified by the Payment Card Industry Security Standards Council (PCI SSC), NetSPI offers clients the Quarterly PCI/ASV Assessment to demonstrate compliance with the Payment Card Industry’s Data Security Standard (PCI DSS) and also to gain insight into their overall security posture. The Quarterly PCI/ASV Assessment will help clients identify and address the security issues that exist in their Internet-accessible environment, reduce risk to cardholder data and other sensitive information, and demonstrate compliance with PCI DSS requirement 11.2.

NetSPI's internal and external penetration tests provide clients with an understanding of the exposures related to their systems, applications, and sensitive information. Specifically, NetSPI leverages automated and manual processes to determine susceptibility to code, configuration, and patch-related vulnerabilities. During penetration tests NetSPI will attempt to gain unauthorized access to target systems and applications, escalate privileges in the target environment, and gain access to sensitive information such as cardholder data.

NetSPI’s Payment Application validation services provide software vendors that develop applications that store, process, or transmit cardholder data as a part of authorization or settlement services with validation against the Payment Application Data Security Standard. Our PA-QSAs have an application development background as well as significant security experience.