PCI Assessment - Report on Compliance (RoC)

All organizations that accept credit cards must be compliant with the relevant PCI standards.

The RoC validates compliance efforts on an annual basis. SecureState's Qualified Security Assessors (QSAs) will assess your organization to validate full compliance with the PCI DSS.

Benefits

The Payment Card Industry Data Security Standard (PCI DSS) is a contractual requirement for organizations that wish to accept payment by credit card. By complying with PCI requirements, merchants and service providers not only meet their obligations but also establish a security baseline that has several benefits. PCI compliant companies gain a competitive advantage by securing their infrastructure while increasing their overall credibility. Maintaining PCI compliance helps protect customers by safeguarding their credit card information, and it builds customer confidence, since customers know their credit card information is protected. Finally, for any organization to claim “Safe Harbor,” it must be in full compliance with the PCI DSS at the time of a breach, as demonstrated during a forensic investigation, and must have validated full compliance prior to the compromise.

Expertise

SecureState reduces the cost, confusion, and complexity of complying with the PCI DSS by providing comprehensive security expertise. We support our clients’ PCI programs through a combination of web-based resources including our proprietary MyState Portal and a team of credentialed PCI specialists. SecureState has provided PCI training at ISACA events, leading payment vendor conferences, as well as independent seminars.

In addition, SecureState can support you with comprehensive PCI support services throughout the year. Through a combination of online resources and on-demand consulting from SecureState’s team of executive analysts, you receive the support you need to achieve and maintain compliance.

Approach and Methodology

Prior to coming on site, SecureState will introduce all of the participants in the engagement, define each person's roles and responsibilities, and review the high-level activities for the engagement. We will also establish the timeframe for onsite activities and set up a collaborative portal.

As part of the PCI assessment, SecureState collects and reviews all required documentation related to PCI compliance, including information security policies and procedures, the incident response plan (IRP), network and system configuration standards and reports, periodic testing results (e.g., ASV scans, penetration testing, internal vulnerability scans), and other associated evidence prior to the required on-site portion of the engagement. SecureState will map PCI requirements to the collected client documentation, identify potential issues, and provide results back to the client, requesting additional documentation if areas of concern or noncompliance are found.

Once SecureState is onsite, we will validate scope and confirm that the required controls are in place in accordance with the PCI DSS. We will thoroughly analyze and document the existing controls used to protect cardholder data (CHD). Additionally, we will identify opportunities to mature your overall compliance program.

SecureState will document all of our efforts exhaustively, including our review of the systems and network components within the cardholder data environment (CDE). Our consultants will review and confirm the scoping boundaries of the PCI CDE and will also document our interviews with key personnel on compliance activities.

Upon completion of the onsite assessment, the SecureState team will analyze the evidence provided to validate that the controls are compliant. They will document findings within the PCI SSC-defined Report on Compliance (RoC) template.

Upon completion of requirement validation, SecureState will deliver the RoC and associated Attestation of Compliance (AoC) for review and countersignature. SecureState will also complete required submissions to the defined organizations for service providers. SecureState will then hold a closing call to recap the assessment and discuss areas for compliance program improvements.
