In order to ensure credit card payment security, the Payment Card Industry Security Standards Council (PCI SSC) has defined a set of compliance requirements to safeguard credit card transactions and consumer personal and financial data under the Payment Card Industry Data Security Standard (PCI DSS).
PCI DSS compliance is more than just satisfying a list of guidelines – it is a proven way to protect your data and your customers’ data from outside attacks.
As a Qualified Security Assessor (QSA), Hitachi Systems Security will help you address all PCI DSS requirements while reducing the complexity and costs associated with it. Hitachi Systems Security will help you conduct analysis, deploy technology based on the assessment of your requirements, and implement policies and procedures to achieve the highest levels of compliance.
During a PCI DSS Compliance engagement, Hitachi Systems Security’s certified security consultants review information systems, policies and procedures, the security controls and systems in place, and network security architectures, focusing on the alignment of your organization with the controls outlined in the PCI DSS. Upon completion of the service, your organization will have received an assessment of the effectiveness of its organizational security controls with regard to PCI data security requirements.
Reduce and Prevent Risk of Identity Theft
Protect Sensitive Cardholder Data
Provide a Baseline of Security in the Cardholder Environment
Protect Reputation and Maintain Positive Brand Image
PCI Compliance Gap Analysis (Pre-Audit) — A review of compliance scope, security architecture, processes and controls against the full PCI DSS to help your organization understand options for scope reduction, identify gaps, and create a remediation strategy to successfully complete a Self-Assessment Questionnaire (SAQ) or Report on Compliance (ROC).
PCI Self-Assessment Questionnaire (SAQ) — An assisted review and assessment of the applicable PCI DSS SAQ, resulting in a Qualified Security Assessor attested SAQ that can be provided to merchant acquirers and card processors.
PCI Report on Compliance (ROC) — A comprehensive assessment of a company’s payment cardholder data environment, resulting in a documented ROC that provides an independent validation of compliance to be submitted to acquirers and card brands.
PCI Network Vulnerability Testing — Internal and external vulnerability scans, quarterly and after any significant changes are made to the network.
PCI Application and Network Penetration Test — Annual application-layer and network-layer penetration tests on the relevant environment scope as well as after any significant infrastructure upgrades or modifications.
PCI Web Application Vulnerability Assessment — Application vulnerability assessment on public-facing websites collecting, storing or transmitting card data that is performed at least once a year as well as after any significant application upgrades or modifications.
PCI Wireless Assessment — Quarterly testing for the presence of wireless access points within in-scope environments.
PCI Approved Scanning Services — Quarterly vulnerability scanning performed according to the scanning requirements set by the PCI Security Standards Council.
Security Event Monitoring
Intrusion Detection Systems
External Vulnerability Scanning
File Integrity Monitoring
Our secure ArkAngel risk management portal allows you to manage your PCI DSS compliance profile on a 24/7 basis. With all security policies and procedures, incident response management, vulnerability assessments, security posture reports and security logs in one place, the portal will help you provide clear evidence of compliance with all security controls and simplify your self-assessment processes and PCI audits.