PCI Pre-Audit

The Payment Card Industry (PCI) Data Security Standard was developed by American Express, Discover Financial Services, MasterCard, and Visa to provide a common framework for handling credit card data. It requires organizations that handle credit card information to build and maintain secure network infrastructures and data handling processes.

Are you ready for PCI certification?

Our PCI Pre-Audit program discovers the deficiencies in your policies and practices, network infrastructure, and data systems prior to completing a PCI DSS audit. We will identify any gaps that may exist between your current state and the Compliance Requirements so that you can mitigate these before actual PCI certification testing.

Even if you are not required to be compliant with PCI, many organizations compare themselves against the PCI criteria to proactively assess the security and privacy of their data within their organization and during external transmissions.

During a PCI Pre-Audit, DigitalDefence will:

  • Identify your compliance requirements, and prepare an assessment checklist to scope the analysis
  • Using a series of structured interviews and on-site inspections, we will assess your current state, including:
    • Conduct a review of your security and privacy policies and practices
    • Prepare a data flow analysis, fully documenting where critical data is being gathered, analyzed, transmitted, and stored
    • Review your network architecture
    • Conduct a vulnerability assessment and penetration testing of the network, applications, and source code
  • Identify all gaps between your present state and the PCI compliance requirements
  • Using a Project Manager who specializes in security projects, provide full remediation assistance to address the gaps and achieve auditable compliance with the PCI standard
  • Assist you in filing the necessary reports with the PCI Security Council; an official acceptance would grant your organization the PCI Certification

DigitalDefence also provides many of the supporting services required to maintain your PCI certification, including:

  • Implement and audit the perimeter firewall (Requirement 1)
  • Conduct regular password audits to ensure that vendor-supplied defaults for system passwords are not in use (Requirement 2)
  • Conduct vulnerability assessments to ensure that all cardholder data is protected during storage (Requirement 3)
  • Using ISIS, our Information Security Intelligence System, we can provide you with newly discovered security vulnerabilities (Requirement 6.2)
  • Assist in the development of a software development life cycle program tailored to your unique organization (Requirement 6.3)
  • Provide security training for developers (Requirement 6.3)
  • Conduct application vulnerability assessments of all web applications to ensure that secure coding guidelines have been followed (Requirements 6.5 and 6.6)
  • Conduct physical security audits to restrict access to cardholder data (Requirement 9)
  • Regularly test security systems and processes (Requirement 11)
  • Ensure alignment of corporate information security policy, standards, and practices to comply with PCI (Requirement 12)

Copyright © 2008 DigitalDefence, Inc. | 302 - 3310 South Service Road, Burlington, Ontario L7N 3M6 | Tel 905-681-3310 | Toll-Free 866-677-1337