PCI DSS compliance and testing
With 15 locations and over 4,500 team members, this organization focuses on marketing, ranging from end-to-end marketing to analytics to web hosting.
With increasing industry demand, and to retain millions of dollars in business, it was critical the company adhered to the Payment Card Industry Data Security Standards (PCI DSS). They needed help understanding their compliance responsibilities, and how to achieve this compliance in a cost-efficient manner. Due to previous, positive engagements, the company chose us to help them understand their unique environment, and determine their next steps.
- Discovery & Scope Reduction: Our experts helped the company analyze and understand their compliance requirements based on an evaluation of their payment card processes. Based on this understanding, our experts provided recommendations for the company to reduce compliance costs through process redesign and network segmentation.
- Readiness Assessment: Next, we performed an initial gap assessment of the company’s compliance with the PCI DSS and provided recommendations to fulfill non-compliant requirements. Our recommendations were organized using a prioritized approach to guide the company down the most logical path to compliance.
- PCI DSS Assessment: Once the company remediated all compliance gaps noted in the Readiness Assessment, we performed a PCI DSS assessment per guidance from the PCI Security Standards Council.
- PCI Penetration Testing: In addition, our network security team assisted the company in fulfilling their obligations for PCI DSS requirement 11.3; which requires organizations to perform annual internal and external penetration testing. Recommendations were provided to assist the company in performing required remediation.
- Compliance Reporting: When the company was fully compliant with the PCI DSS (for the services assessed), we prepared the required compliance documentation (Report on Compliance Reporting: When the company was fully compliant with the PCI DSS (for the services assessed), we prepared the required compliance documentation (Report on Compliance and Attestation of Compliance) that they could share with their clients.
In the end, we confirmed the company’s PCI DSS compliance and they were able to provide attestation to their own clients. During the project, the company experienced turnover with a key staff member and our team was able to facilitate a thorough knowledge transfer during the personnel transition. The company was able to retain millions of dollars in business and attract new business based on their compliance with the PCI DSS.