PCI DSS Compliance
The PCI DSS (the Payment Card Industry Data Security Standard) is a set of security standards that apply to all businesses that process card payments, or store or transmit credit or debit card information, in order to provide secure transactions. Failing to comply with the requirements can result in substantial fines, litigation, and loss of customer trust.
Invicta Data Engineering provide a broad range of services to help your organisation gain and retain PCI compliance, allowing you to focus on running your business.
Network Security Audits and PCI Remediation Planning
Logging Solutions and SIEM Services
The six key PCI DSS requirements are to:
- Build and Maintain a Secure Network
- Protect and Maintain Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Organisations that process fewer than 6 million card transactions annually are able to self-certify using the SAQ (Self Assessment Questionnaire), which is a set of yes/no questions designed to assess your data security.
The type of SAQ you will have to complete will be determined by the way in which you process cardholder information.
Your business is also required to have an external network vulnerability scan performed by an ASV (Approved Scanning Vendor) on your network or domain on a quarterly basis.
Vulnerability scanning identifies risks such as misconfigured firewalls and remote access vulnerabilities. We can provide these scans as part of our comprehensive SME package.
Invicta Data Engineering can help you save valuable time by working with you to complete the SAQ efficiently and accurately, allowing you to focus on growing your business.
We can also assist you to remediate any existing areas of non-compliance, taking responsibility for every step of the self-assessment process.
Finally, we’ll help you to report your compliance to your merchant processor.
Invicta Data Engineering are a Kent-based company specialising in the provision of high-availability secure infrastructure. We pride ourselves on our technical competence, transparency and attention to detail.