Few steps to PCI compliance
International credit card organizations impose stringent security requirements on their contractual partners based on the PCI Data Security Standard. Our certified security auditors and certified security assessors accompany you from analysis through to implementation and ensure that the requirements of the security standard can be met.
At first sight, PCI requirements look like a complex and arduous set of rules and regulations. This is understandable, as the standard comprises some 250 individual requirements. Many PCI DSS requirements are already industry best practices or are required by other regulating bodies (ISO 27001, BSI Grundschutz). In general, PCI DSS complements these generic standards with requirements focused on protecting sensitive card data.
An entity's transaction volume determines how its compliance status must be reported; the technical and organizational requirements, however, stay the same. In close collaboration, we clarify in advance which specific requirements apply and take the following steps:
- Raise Awareness
Demonstrate the value and benefits of IT security standards to management and the system owners. We show, mostly in workshops, which fundamental PCI DSS technical and organizational requirements have to be met.
- Define Project Scope
Based on a preliminary analysis, we identify which current system components are affected by the PCI DSS requirements. We then clarify by which means the scope can be narrowed down.
The necessary amendments to the systems and network components are jointly defined. On request, we provide additional support in the implementation phase.
The next step is auditing the systems and, if successful, issuing the corresponding compliance documents.
- Recurring Procedures
PCI DSS requires recurring procedures, depending on a company's type and size. We accompany our customers and ensure that PCI DSS requirements continue to be adhered to.
PCI Security Standards Council
The PCI Security Standards Council is an umbrella organization of credit and debit card companies whose mission is to set up IT security specifications intended to protect critical card data. The requirements of the PCI DSS standard are binding for all parties that operate systems processing credit and debit card data.
Ergonomics is certified by the PCI Security Standards Council as an official QSA company and can therefore provide consulting and audits related to the PCI DSS standard.
Questions or comments?
Tel +41 58 311 1024