PCI-DSS Audit
Sunphinx has extensive experience in PCI compliance and can support your ongoing self-assessment program.
If your organization stores, processes, or transmits cardholder data, either directly or as a service provider to another company, then you are subject to PCI DSS. As an IT executive charged with PCI compliance, you are not only managing the risk of financial liability for penalties and for fraud conducted on your systems; increasingly it is also a matter of law. Several US states and jurisdictions abroad now reference PCI DSS in statute, so the standard is moving from a purely contractual industry obligation toward a government mandate.
Depending on your company's role in cardholder data handling and the number of transactions you process each year, your company may be required either to complete a Self-Assessment Questionnaire (SAQ) or to undergo an on-site assessment by a Qualified Security Assessor (QSA). In all cases, PCI DSS requires that an executive officer of your company sign the Attestation of Compliance (AOC), which makes the accountability and liability inherent in the process explicit.
PCI assessments are complex. They require detailed knowledge of the standard, of the techniques that maximize compliance while containing cost, and of both the architecture and the day-to-day operation of the many infrastructure components in scope. Sunphinx's experience lets you apply your own resources efficiently to meet PCI requirements.
Sunphinx brings proven experience in both technical and procedural auditing. We have helped many clients meet their PCI requirements with services that include pre-audit gap analysis and scoping, the assessment itself, and the remediation that follows.
Audit services
Sunphinx's audit practice addresses all of your PCI DSS requirements, so that you can:
- Build and maintain a secure network and systems
- Protect stored and transmitted cardholder data
- Establish automated and manual discovery of cardholder data throughout your infrastructure, so that scope is known rather than assumed
- Address legacy systems that still house cardholder data, by isolating, migrating, or retiring them
- Maintain an effective vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain a policy that addresses information security requirements and operational best practices
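Discovery of cardholder data is the step on which the rest of scoping depends, so the following added example (not Sunphinx's tooling, and not part of the original page) shows the core of an automated discovery pass: scan text for candidate primary account numbers (PANs), cut false positives with issuer prefix and Luhn checks, and report each hit masked to first six / last four so the report itself does not become a store of cardholder data. The issuer prefix list is an illustrative subset and the log lines are constructed sample input.

```python
import re
from dataclasses import dataclass

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# dashes, not preceded or followed by another digit. Production scanners
# also handle other separators and character encodings.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Illustrative subset of issuer identification prefixes (Visa, Mastercard,
# American Express, Discover). Constructed for this example; a real scanner
# would load a maintained IIN table.
IIN_PREFIXES = ("4", "51", "52", "53", "54", "55", "34", "37", "6011", "65")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: every second digit from the right is doubled,
    digits above 9 have 9 subtracted, and the sum must be divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep first six and last four; PCI DSS permits at most that much
    of a PAN to be displayed."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass
class Finding:
    offset: int      # byte offset of the candidate in the scanned text
    masked: str      # masked PAN, safe to put in a report
    context: str     # surrounding text to help locate the source system


def find_pans(text: str) -> list[Finding]:
    """Return every Luhn-valid, prefix-plausible PAN in text, masked."""
    findings: list[Finding] = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not 13 <= len(digits) <= 19:
            continue
        if not digits.startswith(IIN_PREFIXES):
            continue            # e.g. tracking or order numbers
        if not luhn_ok(digits):
            continue            # random digit runs rarely pass Luhn
        start = max(0, m.start() - 20)
        ctx = text[start:m.end() + 20].replace("\n", " ")
        findings.append(Finding(m.start(), mask_pan(digits), ctx))
    return findings


# Constructed sample log lines: two real-format test PANs (one with
# spaces), one Luhn-invalid digit run, a phone number and a tracking number.
SAMPLE_LOG = """\
2024-03-01 10:02:11 order=88213 pan=4111 1111 1111 1111 status=approved
2024-03-01 10:02:12 order=88214 ref=4111111111111112 status=declined
2024-03-01 10:03:40 customer phone=5551234567 tracking=1234567890123
2024-03-01 10:04:02 pan=378282246310005 exp=12/26 status=approved
"""

if __name__ == "__main__":
    for f in find_pans(SAMPLE_LOG):
        print(f"offset={f.offset} pan={f.masked} ctx={f.context!r}")
```

Run against the constructed log it reports two findings (the spaced Visa test number and the American Express test number) and skips the Luhn-invalid run, the phone number and the tracking number. In a real engagement the same logic is pointed at file shares, database exports, log archives and backups, and every hit is traced back to the process that wrote it, because each one either expands scope or is a data-retention violation to remediate.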
At the end of the assessment, our security consultants provide a comprehensive report that states the compliance status of the assessed environment against each PCI DSS requirement, together with a prioritized remediation plan. Where a requirement cannot be met as written, we help you design and document compensating controls that meet its intent, and these are included in the report. We then work with you to present the results to your acquirer or the relevant card brand for final acceptance.
An on-site assessment by a QSA, resulting in a Report on Compliance (ROC), is required for Level 1 service providers and Level 1 merchants (Level 1 merchants may alternatively use a PCI-certified Internal Security Assessor); lower levels generally validate with a Self-Assessment Questionnaire, though some card brands require Level 2 merchants to have their SAQ completed with a QSA or ISA. Because the level definitions and validation requirements vary by card brand, we can also help you determine your compliance obligations as part of the engagement. Meeting them is critical: the card brands (Visa, Mastercard, American Express, etc.) can levy penalties, normally passed through the acquiring bank, on merchants or service providers who are not compliant.
