About Sword & Shield
Since 1997 Sword & Shield has been the trusted information security partner for 3000 clients in 50 states and 27 countries around the globe.
We offer comprehensive computer network security services and IT regulatory compliance for business and government. Let us help secure your future.
PCI
As a PCI Qualified Security Assessor, Sword & Shield has been assisting merchants with PCI compliance since the early days of the PCI Council’s DSS requirements. We can help you plan, analyze, track and monitor your PCI compliance program – helping you reduce cost, time and frustration.
PCI Services Menu
PCI Compliance Shield Smart Portal
If you are a service provider and you are processing payment card charges for a number of merchants, your merchants must, at a minimum, complete an annual SAQ. If you are an organization with a large number of widely dispersed point of sale locations processing payment cards, you are responsible for completing an annual SAQ for each location. Sword & Shield can provide you with a cost-effective way to assist the merchants in completing the appropriate SAQ and conducting quarterly vulnerability scans where required.
General PCI Consulting
Additionally, Sword & Shield can provide general PCI consulting advice or a PCI readiness assessment to assist you in making business decisions regarding the use of payment cards. If you feel the fees being charged to you for credit and debit card processing may be more than you should be paying, please contact us. We have a relationship with a company that will analyze the fees and assist you in lowering these charges. You only pay a percent of the savings realized.
Large Campus PCI Consulting
If your organization uses multiple merchant accounts (universities and hospitals, for example) and services multiple business applications that provide transactions on the level of each merchant account, this may place your organization at an SAQ Level 3 or 4. Your acquiring bank may ask you to roll all the merchant accounts under one or more corporate accounts because of your SAQ level. This consolidation process may be daunting if your organization has grown through the acquisition of other companies. We can survey your organization to find all of the merchant accounts and determine the method of transmitting, processing and storing payment card information. Through this survey we can find the most cost-effective way to manage your PCI compliance.
PCI GAP Analysis (Pre-Audit)
For Level 1 merchants and service providers who are planning their first PCI Audit and facing a full Report on Compliance (ROC) assessment, the task can be overwhelming. The first-year ROC almost always reveals significant gaps in operations, security processes, and controls, leaving the organization with many unanswered questions and an unclear roadmap to compliance.
Our PCI Gap Analysis/Remediation Plan helps avoid the drain of both time and capital resources associated with a first-time ROC by reviewing your security processes and controls against the full PCI DSS without the in-depth control operational testing required by the ROC testing procedures. Our process identifies gaps and creates a remediation plan to allow your organization to concentrate on meeting compliance timelines and budgetary constraints.
PCI On-Site Report on Compliance (ROC)
As a PCI QSA, Sword & Shield provides comprehensive security assessments of the Data Security Standard to Level 1 Merchants and Level 1 and 2 Service Providers, resulting in a documented ROC. The ROC provides an independent validation of compliance to customers, card brands and acquiring banks. Our ROC assessments are led by senior security analysts who maintain CISA and CISSP certifications. Our auditors intimately understand the retail and service provider processing models and the idiosyncrasies that make your business unique. We help our clients understand compliance risk, control options and compensating control strategies as they work toward achieving and maintaining PCI compliance.
Self-Assessment Questionnaire (SAQ) Assistance
Sword & Shield provides general PCI-related consulting to assist with the completion of an SAQ and the submission of an Attestation of Compliance (AOC). We can establish a Compliance Center web portal to manage and track responses to questions, post evidence of compliance, and send compliance reports to your acquiring bank. Additionally, we can provide you with advice to complete the PCI self-assessment and provide you with practical remediation guidance to help you achieve secure PCI compliance.
PCI Quarterly Scans or Facilitated Quarterly Scans
Quarterly scanning by an Approved Scanning Vendor (ASV) is required for Level 1 through 4 merchants who transmit, store or process credit card data. Sword & Shield resells quarterly scanning services from a number of partners, including Dell SecureWorks, Qualys, nCircle, AlertLogic and SAINT. We can help you choose an ASV that's right for you as part of your PCI audit. We can also run the scans for you and provide consulting to assist you in remediating the vulnerabilities found. Ask us for a quote for a Facilitated ASV Quarterly Scanning Service.
In addition to the external quarterly scans, merchants are required to scan the internal network on a quarterly basis and after any major changes are made to the network. The internal scanning does not have to be done with an ASV-approved scanner. Sword & Shield can assist you in the selection of an internal scanner to meet these requirements.
PCI Annual Network Vulnerability and Penetration Test
PCI DSS Requirement 11.3.1 (PCI penetration test) requires a network-layer penetration test to be performed at least once a year and after any significant infrastructure upgrade or modification. For this service, see the Sword & Shield Penetration Testing and Vulnerability Assessment page.
PCI Wireless Assessment
If you have wireless access points in your payment card network, PCI DSS Requirement 11.1 may be applicable. This requires you to test for the presence of wireless access points by using a wireless analyzer at least quarterly. For this service, see the Sword & Shield Wireless Security Testing page.
PCI Web Application Test
If you have a website that collects, stores or transmits card data, PCI DSS Requirement 11.3.2 may be applicable. This requires you to perform application-layer penetration testing at least once a year and after any significant application upgrade or modification. For this service, see the Sword & Shield Web Security Testing page.
Sensitive Data Discovery Scan
The PCI DSS requirements apply to all of the components of the network containing cardholder data. Therefore, it is important to scan all of the networks to search for cardholder data that may be stored on desktops or back-end accounting systems. A Sensitive Data Discovery Scan will find this cardholder data so that actions can be taken to contain it within the defined cardholder network. Sword & Shield can include the scan in our proposals or you can provide evidence that the cardholder data is contained as described.
Risk Assessment
PCI DSS Requirement 12.1.2 includes an annual process that identifies threats and vulnerabilities, and results in a formal risk assessment. Examples of risk assessment methodologies include, but are not limited to, OCTAVE, ISO 27005 and NIST SP 800-30. Sword & Shield can include the risk assessment as part of our services, or you can conduct the risk assessment and provide results as evidence to the QSA during the PCI Assessment.
Policy Review and Development
Sword & Shield can review and assist in the development of PCI policies to meet best security practices.
PCI Fundamentals On-Demand Webcast
Sword & Shield and Juniper Networks co-hosted a webinar discussing how organizations can meet or enhance their PCI compliance security. A recording of the webcast, PCI Fundamentals: Assessing Risk, Conducting Cost/Benefit Analysis and IT Solutions to Tackle PCI Challenges, and the accompanying slide deck are now available for on-demand viewing.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or contact us by phone so we can begin securing your future.
U.S. Toll-free: 800-810-1885
International: 865-244-3500