Experian EI3PA Compliance
Sword & Shield performs Experian Independent Third-Party Assessments (EI3PA). We are uniquely qualified to assess your systems containing credit information, and we are your long-term partner for simplifying your compliance process.
If your company processes, stores or transmits credit information provided by Experian, you may be required to have your systems assessed under the PCI DSS process to determine how you are protecting this information, both externally and internally, from unauthorized users. Sword & Shield’s extensive experience with PCI DSS qualifies us to help you with the following tasks common to this process:
EI3PA GAP Analysis (Pre-Audit)
If you are facing EI3PA compliance for the first time, the assessment can be a daunting task. It has been our experience that the first-year Report on Compliance (ROC) almost always reveals significant gaps in operations, security processes, and controls, leaving the organization with many unanswered questions and an unclear path to compliance.
Our EI3PA compliance gap analysis and remediation plan helps avoid the drain on both time and capital associated with an initial ROC. Our analysts measure your security processes and controls against the full PCI DSS. As part of our pre-audit analysis, Sword & Shield will deliver a Roadmap to Compliance, our unique approach to remediation, to assist your organization in meeting the required compliance objectives.
EI3PA Onsite Report on Compliance (ROC)
Our PCI QSA consultants provide comprehensive security assessments on the Data Security Standard, which results in a documented ROC. The ROC provides an independent validation of compliance required by Experian. Our ROC assessments are led by experienced senior security analysts. Our auditors intimately understand the retail and service-provider processing models and the idiosyncrasies that make your business unique. We help our customers understand compliance risk, control options and compensating control strategies as they work toward achieving and maintaining EI3PA compliance.
Sword & Shield resells Approved Scanning Vendor (ASV) services. Quarterly scanning by an ASV is required as a periodic test to confirm that changes made to your systems have not introduced new vulnerabilities.
Web Application Test
If you have a website that collects, stores or transmits credit information, PCI DSS Requirement 11.3.2 may apply. This requirement states that you should perform application-layer penetration testing at least once per year and after any significant application upgrade or modification. Sword & Shield provides Web Security Testing.
Annual Network Vulnerability and Penetration Test
PCI DSS Requirement 11.3.1 (PCI penetration test) states that you must perform network-layer penetration testing at least once a year and after any significant infrastructure upgrade or modification. Sword & Shield provides penetration testing and vulnerability assessments.
If you have wireless access points in your payment card network, PCI DSS Requirement 11.1 may apply. To meet this requirement, you must test for the presence of wireless access points by using a wireless analyzer at least once a quarter. Wireless security tests are also a part of Sword & Shield’s offerings.
At Sword & Shield, we work with our customers to design continuous compliance processes that ensure they maintain their control environment throughout the compliance lifecycle.
Why us, why now?
Senior managers are focusing on compliance concerns because of their impact on all aspects of business operations. Efforts to comply with regulatory requirements must be supported by appropriate IT systems. As companies revisit their risk management approaches, many are discovering that a fragmented risk management and compliance program has left them without focus on the key risks to the organization. Our risk and compliance services provide a strategic and holistic approach to managing your risks.