In today’s digital economy, it seems as if almost every business in North America is directly or indirectly involved with storing, processing, and/or transmitting cardholder data. Because of this, millions of merchants and other organizations are being mandated to become compliant with the Payment Card Industry Data Security Standard (PCI DSS) provisions, and NDB is here to help. With years of experience performing PCI DSS certification services, we offer the following solutions for Texas merchants and service providers.
Texas’ Leading Provider of PCI DSS Compliance Services
1. PCI Scoping & Readiness Assessments: If you’re a Texas business new to the world of PCI DSS compliance, then beginning with a scoping & readiness assessment is absolutely critical. Why? Because you’ll want to learn about the important scoping boundaries for such an assessment, such as which system components, physical locations, personnel, third-party entities – and more – are part of your actual annual PCI DSS compliance mandates.
Second, you’ll also want to identify gaps and other control deficiencies that will require remediation prior to being granted certification. PCI compliance “can” be a challenging and time-consuming endeavor, but not with NDB, so contact us today to learn more.
2. PCI Technical Remediation: Remember that PCI DSS compliance is a highly technical assessment, which means that an almost endless list of security/technical controls will be assessed. From Requirement 1 to Requirement 12, there are over 300 tests of controls for PCI, and most of them are indeed technical. This ultimately means that remediation for such controls is highly likely, almost a certainty. Where merchants and service providers struggle in terms of technical remediation is finding both the time and the resources for taking the necessary action to remediate control deficiencies.
Here’s a quick list of some of the most common areas for remediation:
(1). Servers need to be re-configured with baseline hardening standards.
(2). Stronger firewall rules need to be implemented.
(3). Audit logs and audit trails need to be established for capturing baseline events.
(4). Numerous tools need to be acquired and implemented, such as automated code review software, File Integrity Monitoring (FIM), network intrusion detection systems, vulnerability scanning solutions, and more.
3. Vendor Selection for Mandated Security Tools: Once the long list of security tools has been identified, you’re going to need to spend some time reaching out to security vendors who offer the solutions you need. From free, open-source to highly expensive tools, there’s an almost endless list of providers to choose from.
4. PCI Level 1 Onsite Assessments: While the vast majority of Texas businesses can fortunately self-assess, there are instances when a Level 1 onsite assessment by a PCI-QSA is necessary. If that’s the case, NDB can help. We offer a wide range of services and solutions for helping Texas businesses get prepared for what’s arguably one of today’s most demanding regulatory compliance reporting mandates.
The biggest difference between “self-assessing” and a Level 1 onsite assessment by a PCI-QSA comes down to audit evidence. As a business, you have to provide vast amounts of audit evidence to the QSA – screenshots, memos, information security policies and procedures, and much more. This can be very demanding and time-consuming, so be prepared.
With NDB’s PCI DSS scoping & readiness assessment, we’ll get your business ready for the audit. Specifically, we’ll ensure you’ve successfully remediated all gaps and deficiencies, are fully aware of the audit expectations in terms of deliverables, and know what to expect once the audit commences. In short, we’ll be with you every step of the way.
5. Assistance with PCI SAQ Documents: NDB can assist Texas businesses in completing their annual Self-Assessment Questionnaire (SAQ), some of which are relatively straightforward, with others being quite extensive and complex. For example, SAQ A is a relatively short and straightforward assessment, while others, such as SAQ A-EP or SAQ D, are quite lengthy indeed. And remember something important: just because it says “Self-Assessment”, you should not think it’s an easy task to complete – often it’s not – and you may need assistance, so contact an NDB PCI-QSA today at 1-800-277-5415, ext. 705 to learn more.
6. Penetration Testing: Almost every business that has to become PCI DSS compliant also has to perform an annual penetration test – it’s a growing requirement within the actual PCI DSS standard. Penetration testing can be expensive and challenging – but not with NDB – so contact us today at 1-800-277-5415, ext. 705, to speak with a PCI-QSA and learn more about our penetration testing services and solutions for Texas businesses. We’re often asked what the cost of penetration testing is, and, generally speaking, such testing starts at approximately $5,500 for a network penetration test covering all in-scope system components. That price can go up quickly if the scope of the penetration test is expanded.
7. Continuous Monitoring: Monitoring your PCI DSS controls (i.e., policies, procedures, and processes) must be done on an annual basis to ensure you “stay” compliant and do not fall into the dreaded “non-compliant” bucket. NDB can assist Texas businesses with all aspects of continuous monitoring. We can set up a framework for regularly scheduled monitoring tests, perform scanning procedures, review your documentation on a quarterly basis, and much more.
NDB – Texas’ PCI DSS Compliance Experts
NDB offers an incredibly wide range of services and solutions for Texas businesses when it comes to compliance with the Payment Card Industry Data Security Standard (PCI DSS). From scoping & readiness assessments to policy writing, assistance with SAQ completion, Level 1 onsite audits – and much more – we are the Lone Star State’s compliance leaders. Contact us today at 1-800-277-5415, ext. 705, to speak with a PCI-QSA.