- January 22, 2016
- Posted by: isoqaruser
Don’t put your customers or your business at risk: Achieving compliance with PCI DSS is a substantial journey for any business. There are decisions to make, directions to choose and obstacles to overcome. That’s why the smart choice is to engage an experienced guide, like ISOQAR. Our team of experts and technical advisers are trained to identify the vulnerabilities and risks in your network, systems, resources and applications. We can develop suitable solutions that will enable you to reduce your risks and ensure compliance with standards, frameworks, legislation and other business requirements.
There are no shortcuts on the journey to compliance but there are different routes. That’s why ISOQAR has introduced a suite of essential services to help you achieve compliance in the most efficient and secure manner:
- Understanding
- Training
- Scope Review
- Gap Analysis
- Remediation Support
- Formal Assessment (Audit)
- Maintenance
ISOQAR can help you address all payment card requirements, such as the annual onsite audit, the self-assessment questionnaire (SAQ), external and internal vulnerability scans, penetration testing and WLAN analysis. What to expect from ISOQAR:
- Impartial and clear advice
- Clear guidance on a complex topic
- Best practice, drawn from years of experience
- Attention to detail and unrivalled client service
THE 12 SECURITY CONTROL REQUIREMENTS OF PCI DSS ARE BELOW (grouped under the standard's six control objectives):
- Build and maintain a secure network
  - Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
  - Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
- Protect cardholder data
  - Requirement 3: Protect stored cardholder data.
  - Requirement 4: Encrypt transmission of cardholder data across open, public networks.
- Maintain a vulnerability management program
  - Requirement 5: Use and regularly update antivirus software.
  - Requirement 6: Develop and maintain secure systems and applications.
- Implement strong access control measures
  - Requirement 7: Restrict access to cardholder data by business need-to-know.
  - Requirement 8: Assign a unique ID to each person with computer access.
  - Requirement 9: Restrict physical access to cardholder data.
- Regularly monitor and test networks
  - Requirement 10: Track and monitor all access to network resources and cardholder data.
  - Requirement 11: Regularly test security systems and processes.
- Maintain an information security policy
  - Requirement 12: Maintain a policy that addresses information security.
PCI COMPLIANCE LEVELS
There are four PCI compliance levels, and the category you are in depends on the volume of card transactions you process in a year.
Level 1: Merchants processing over 6 million card transactions per year.
Level 2: Merchants processing 1 to 6 million transactions per year.
Level 3: Merchants handling 20,000 to 1 million transactions per year.
Level 4: Merchants handling fewer than 20,000 transactions per year.
Levels 1 and 2 are the highest levels, and merchants in these categories must adhere to stricter rules. Some of the requirements for the top two levels include having an Approved Scanning Vendor (ASV) perform a quarterly network scan, undergoing an annual audit by an authorised PCI assessor, and completing a penetration test to check for vulnerabilities in the network. If your business suffers a data breach, you should expect to be placed at a higher level of regulation regardless of the number of card transactions you process in a year.