PCI Pre-Audit and Compliance Assessments
NetSPI's PCI pre-audit assessment allows first-time Level 1 merchants and service providers to identify gaps in compliance against the PCI Data Security Standard. Many organizations indicate they are compliant with the standard. However, organizations that have not been through a Report on Compliance audit do not fully comprehend the level of detail required for successful validation. Our process assists organizations in preparing for the Report on Compliance. Similarly, NetSPI's PCI Compliance Assessment allows organizations to evaluate their point-in-time compliance against the PCI Data Security Standard.
Our detailed assessments provide the following components:
- Gap Analysis - evaluate the current environment and controls against the most current PCI Data Security Standard
- Risk Prioritization - risk-based prioritization of non-compliant areas allows customers to address the areas of highest risk first
- Remediation Strategy - detailed recommendations to remediate areas of non-compliance using a vendor-agnostic approach (NetSPI does not sell product)
- SAQ - completed Self-Assessment Questionnaire
PCI Report on Compliance
NetSPI's PCI validation services provide merchants and service providers with annual onsite validation of the PCI Data Security Standard. As a QSA firm, NetSPI is certified to provide this independent validation. Our QSAs are experienced security professionals who understand your industry. Through this experience, our QSAs can recommend solutions, including compensating controls. Unlike other QSA organizations, NetSPI does not sell product, and our customers can rest assured that we are product-agnostic.
PCI Program Consulting
NetSPI's program management services work with organizations to develop PCI programs. Often, organizations scramble near the time of audit to ensure that all controls are in place. But a requirement of PCI is to be compliant at all times, not at just the time of audit. NetSPI works with organizations to operationalize PCI, that is, to integrate PCI in the daily workflow of technology and security. By integrating PCI into their daily processes, organizations are better prepared for the audit and do not have to scramble to get technology or process implemented. Ultimately, this integration results in lower costs, more efficiency, and greater security.
PCI Quarterly ASV Scanning
The Quarterly PCI/ASV Assessment will help clients identify and address the security issues that exist in their Internet-accessible environment, reduce risk to cardholder data and other sensitive information, and demonstrate compliance with PCI DSS requirement 11.2.
Penetration Testing
NetSPI's internal and external penetration tests provide clients with an understanding of the exposures related to their systems, applications, and sensitive information, and take into consideration the required scope, appropriate sample sizes, and reporting requirements outlined in the PCI 11.3 requirement and supplement. Specifically, NetSPI leverages automated and manual processes to determine susceptibility to code, configuration, and patch-related vulnerabilities. During penetration tests NetSPI will attempt to gain unauthorized access to target systems and applications, escalate privileges in the target environment, and gain access to sensitive information such as cardholder data.