Depending on the structure of your organization and current resources, implementing EMV can be a daunting task. To help our clients be successful and achieve the best return on investment, SecureState follows a three-phase approach.
In the first phase, Discovery, data is collected via whiteboard sessions to determine current state. A number of things must be considered, such as solutions offered by your bank and other vendors, the feasibility of integrating into your current environment, business drivers, and a clear definition of your overall PCI scope. It is common in this phase for us to assist you in communicating with upper management and boards of directors to ensure full support from the top down. SecureState’s experienced management consultants can assist with both short and long-term budget planning if a phased implementation is indicated.
In the Evaluation phase, our network defense experts and QSA team can assist in reviewing proposed solutions and design a secure network solution based on available encryption, data flow and potential business/network segmentation. As decisions are being made, access to experienced QSAs and PA-QSAs is invaluable to ensure continued compliance throughout implementation and beyond.
Post-Implementation testing and ongoing PCI program monitoring ensures the continued safety of your customers’ data. In this phase, penetration testing may be performed to validate segmentation and Continual Compliance offers quarterly meetings to take stock of compliance activities and provide you with information about industry trends or changes to the PCI-DSS.