PCI Compliance

As a Qualified Security Assessor (QSA) company, nGuard is a nationally recognized security firm and is certified by the PCI Security Standards Council (PCI SSC), the highest PCI certification possible.

Credit card payments have become the de facto payment method for consumers, as well as many businesses. If your organization accepts credit card payments or works with another organization that does, compliance with the PCI Data Security Standard (PCI DSS) isn't an option...it's a requirement. Your organization will be required to store, process, and/or transmit credit card data. This information is highly sought after by cyber criminals, hackers, and identity thieves. To mitigate this risk, PCI standards are designed to ensure that organizations are following strict security controls.

Compliance with PCI requires ongoing, regular assessments, possible architecture changes, policy development, submitting required PCI documentation, and more. To complicate matters, the requirements can vary depending on the number of credit card transactions and how you process the transaction. For the uninitiated, it can be overwhelming.

nGuard takes the complexity out of PCI compliance. We help our clients navigate the requirements and determine the most cost-effective approach to reach their compliance goals. Whether it's an external PCI ASV scan or an onsite QSA audit, nGuard makes compliance with PCI easy.

 


PCI QSA


If you're a Level 1 Merchant or Service Provider, you have to be compliant with the full PCI standard, with the most important requirement being that you use a PCI Qualified Security Assessor (QSA) company to perform the more rigorous QSA Assessment! Not surprisingly, selecting the right QSA is an important decision. You want to make sure to select a QSA that is well-established & deeply-experienced.

nGuard makes that decision easy. As a Qualified Security Assessor (QSA) company, nGuard is certified by the PCI Security Standards Council (PCI SSC), the highest PCI certification possible. With years of QSA experience in a diverse set of merchants and service providers across North America, nGuard blends the right balance of stability, maturity, and cost effectiveness.

 

 

PCI Methodology


Whether you’re already PCI compliant, or just starting the compliance process, nGuard’s proven methodology helps you efficiently achieve your PCI goals. Using our PCI Compliance Methodology, nGuard will help you determine which phase of the process you are in and where we can help you most.

[Chart: nGuard PCI Compliance Methodology]

For veteran organizations with a well-established PCI compliance program, Step 4, a PCI Audit, covers your PCI assessment needs.

However, for clients just starting down the PCI compliance path, the steps for satisfying regulatory demands are spelled out below, referring to the chart above.

  • Step 1 ensures that the scope of the Cardholder Data Environment is well-defined.
  • Step 2 helps ensure the initial gaps are identified and that appropriate corrective actions are developed.
  • Step 3 covers the customer’s remediation efforts to address identified gaps.
  • Step 4 encompasses the full assessment of PCI compliance that confirms your organization’s adherence to PCI regulatory demands.

Once compliant, the methodology shifts your organization into maintenance mode. This means that nGuard can maintain your PCI compliance through ongoing PCI audits that are required by regulations and address remediation of new issues that emerge. Furthermore, if your organization undergoes major changes, such as rapid growth or an acquisition, nGuard’s methodology is flexible enough to allow the new changes to be evaluated at Step 1, while the existing audit areas remain unaffected.

 

Strategic PCI Assessment


Delivered by nGuard, PCI Strategic Security Assessments are focused on establishing the PCI scope of your environment and identifying any gaps preventing your PCI compliance. Each assessment, briefly described below, follows the proven nGuard PCI Compliance Methodology to ensure consistency and thoroughness.

  • PCI Scope Analysis:
    • Appropriate for Level 1-4 Merchants, as well as Service Providers.
    • Provides a streamlined analysis methodology to help clients identify and/or reduce their Cardholder Data Environment (CDE), thus reducing compliance requirements.
    • Reduces overall costs and speeds up compliance with PCI.
    • Performed by a Qualified Security Assessor (QSA).
  • PCI QSA Onsite Assessment:
    • Required for Level 1 Merchants and Service Providers.
    • Appropriate for Level 2 Merchants.
    • Provides official annual onsite assessments by a Qualified Security Assessor (QSA).
    • Provides mandatory PCI/DSS deliverables from a QSA:
      • Report on Compliance (ROC)
      • Attestation of Compliance (AOC)
      • Compensating Controls Worksheet
    • Provides nGuard deliverable documentation and tools to accurately communicate findings and help to remediate them.
    • Suitable for both the PCI Readiness Audit (Step 2) and the formal PCI Audit (Step 4) in nGuard's PCI Compliance Methodology.
  • PCI Strategic Security Assessment:
    • Appropriate for Level 2-4 Merchants or Level 2 Service Providers that do not require the more extensive QSA Onsite Assessment.
    • Provides an annual assessment by a Qualified Security Assessor (QSA) company.
    • Provides the following deliverables:
      • Mandatory PCI/DSS Self-Assessment Questionnaire (SAQ) accurately completed by a PCI QSA company.
      • nGuard deliverable documentation and remediation tools.
    • Suitable for both the PCI Readiness Audit (Step 2) and the formal PCI Audit (Step 4) in nGuard's PCI Compliance Methodology.
    • Performed by a Qualified Security Assessor (QSA).

Tactical PCI Assessment


In addition to the strategic assessments, PCI mandates tactical assessments to discover and exploit vulnerabilities in your Cardholder Data Environment (CDE). These tactical PCI assessments are sometimes called vulnerability assessments, penetration tests, or ethical hacking. They are either explicit requirements in the standard or implied by statements within the standard. nGuard's portfolio of tactical assessment services required by PCI includes:

PCI Remediation


In many cases, in addition to assessments we have performed, customers turn to nGuard for PCI remediation services. If your IT staff is 100% utilized, or possibly doesn't have all the needed skill sets to perform the remediation, nGuard can quickly help address your issues. In addition, you will be better prepared for future audits.

Remediation activities can take many forms and are customized for each client. Example remediation services include:

Requirements


If your organization stores, processes, or transmits credit card data, PCI/DSS requires you to protect that information. Some organizations are required to obtain the services of a PCI Qualified Security Assessor (QSA), while others do not. The chart below helps to guide what type of PCI assessment your organization needs or is required to have. In either case, nGuard has the PCI expertise and certifications required to address your specific needs.

Organization Type | PCI QSA Required | nGuard Provided PCI Services

  • Merchants: Level 1, Level 2, Level 3, Level 4
  • Service Providers: Level 1, Level 2
Let's Get Started

Contact us at 1-866-888-7111 or complete the form below.