Experian Independent Third Party Assessment (EI3PA)
If your company processes, stores or transmits credit information provided by Experian, you may be required to have your systems assessed to determine how you are protecting this information, both externally and internally, from unauthorized users. Experian chose to adopt the PCI DSS process to assess how securely you are protecting credit information. As a PCI QSA (Qualified Security Assessor), Sword & Shield is qualified to assess your systems containing credit information.
EI3PA Gap Analysis (Pre-Audit)
If you are facing an EI3PA for the first time, the assessment can be a daunting task. The first-year Report on Compliance (ROC) almost always reveals significant gaps in operations, security processes, and controls, leaving the organization with many unanswered questions and an unclear road map to compliance.
Our EI3PA Gap Analysis/Remediation Plan helps avoid the drain on both time and capital associated with a first-time ROC. Our analysts review your security processes and controls against the full PCI DSS, but without the exhaustive operational testing required by the ROC testing procedures. Our process identifies gaps and creates a remediation plan that allows your organization to concentrate on meeting compliance timelines and budgetary constraints.
EI3PA Onsite Report on Compliance (ROC)
As a PCI QSA, we provide comprehensive security assessments against the Data Security Standard, which result in a documented ROC. The ROC provides an independent validation of compliance required by Experian. Our ROC assessments are led by senior security analysts who maintain CISA and CISSP certifications. Our auditors intimately understand the retail and service-provider processing models and the idiosyncrasies that make your business unique. We help our clients understand compliance risk, control options and compensating control strategies as they work toward achieving and maintaining PCI compliance.
Sword & Shield resells Qualys and SecureWorks Approved Scanning Vendor (ASV) Services. Quarterly scanning by an approved ASV is required as a periodic check that changes to your systems have not introduced new vulnerabilities.
Web Application Test
If you have a website that collects, stores or transmits credit information, PCI DSS Requirement 11.3.2 may apply. This requirement states that you should perform application-layer penetration testing at least once per year and after any significant application upgrade or modification. Sword & Shield provides Web Security Testing.
Annual Network Vulnerability and Penetration Test
PCI DSS Requirement 11.3.1 (PCI Penetration Test) states that you must perform network-layer penetration testing at least once a year and after any significant infrastructure upgrade or modification. Sword & Shield can provide Penetration Testing and Vulnerability Assessments.
If you have wireless access points in your payment card network, PCI DSS Requirement 11.1 may apply. To meet this requirement, you must test for the presence of wireless access points by using a wireless analyzer at least once a quarter. Wireless Security tests are also part of Sword & Shield’s overall offerings.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885