For merchants, financial institutions and vendors, protecting cardholder data is important, and adhering to the Payment Card Industry Data Security Standard (PCI DSS) is mandatory. But PCI compliance can be expensive and complex.
Sword & Shield Enterprise Security partners with you to make PCI compliance easier. We take the burden off you by providing expert QSAs, security engineers, technical writers, and more to deliver world-class, competitively priced PCI compliance services.
Sword & Shield is a pure security firm that focuses on cyber security and compliance. We provide PCI compliance services beyond simply “checking a box” with the following:
We work to reduce your costs and improve your overall security with thorough, balanced and pragmatic assessments with the following services:
Virtual Qualified Security Assessor (vQSA)
The vQSA PCI compliance program is a subscription-based service that alleviates stress and chaos by proactively working toward an “always compliant” state. By providing an outsourced QSA for ongoing oversight, this program simplifies the process around ROC or SAQ completion.
Level 1 Report on Compliance (ROC)
The ROC provides an independent validation of compliance to customers, card brands and acquiring banks. Our ROC assessments are led by expert QSAs who intimately understand payment card processing models and how the idiosyncrasies of your business impact your compliance. We help you to understand the PCI DSS and compensating control strategies as you work toward achieving and maintaining PCI compliance.
Assisted Self-Assessment Questionnaire (SAQ)
Sword & Shield provides expert PCI consulting to assist with the completion of an SAQ and the submission of an Attestation of Compliance (AOC). We help you complete the PCI self-assessment and provide you with practical remediation guidance to help you achieve secure PCI compliance.
PCI DSS mandates an annual risk assessment to identify threats and vulnerabilities. Sword & Shield’s experienced and thorough assessors take the burden off you by providing a risk assessment that identifies, analyzes, and documents security risks to fulfill Requirement 12.1.2.
PCI Gap Analysis (Pre-Audit Readiness Exercise)
Planning your first PCI audit and facing a full Report on Compliance (ROC) assessment can be overwhelming. Our PCI Gap Analysis/Remediation Plan reviews your security processes and controls against the full PCI DSS without the in-depth operational control testing required by the ROC testing procedures. Our process identifies gaps and creates a remediation plan that allows your organization to concentrate on meeting compliance timelines within budgetary constraints.
Our experts provide security awareness training to fulfill PCI DSS Requirement 12.6. To best fit your business needs, we offer training via several modes including on-site, classroom, LMS, online and more.
Contact Sword & Shield to get a handle on your PCI Compliance.
In addition to the basic services we commonly recommend, these additional services address other areas of PCI DSS to further mitigate risk.
If you have wireless access points in your payment card network, PCI DSS Requirement 11.1 may be applicable. This requires you to test for the presence of wireless access points by using a wireless analyzer at least quarterly.
PCI DSS Requirement 11.3.1 (PCI penetration test) requires a network-layer penetration test at least once a year and after any significant infrastructure upgrade or modification. For this service, see the Penetration Testing and Vulnerability Assessment page.
Sword & Shield can provide a formalized policy and procedure package, including fully validated documentation, that meets the twelve domains of the PCI DSS requirements.
Quarterly scanning by an Approved Scanning Vendor (ASV) is required for Level 1–4 merchants who transmit, store or process credit card data. We can help you choose an ASV that’s right for you as part of your PCI audit. We can also run the scans for you and provide consulting to assist you in remediating the vulnerabilities. Ask us for a quote for a Facilitated ASV Quarterly Scanning Service.
If you have a website that collects, stores or transmits card data, PCI DSS Requirement 11.3.2 may be applicable. This requires you to perform application-layer penetration testing at least once a year and after any significant application upgrade or modification. For this service, see the Web Security Testing page.