PCI DSS assessment

We help businesses validate their payment systems, infrastructure and processes against the PCI DSS standard.

We perform on-site security certifications for banks, processing centres, merchants, service providers, e-commerce and fintech companies. Our experts provide in-depth analysis of client infrastructure, consult on scope reduction options, identify compliance deficiencies and provide objective remediation recommendations.


How we do it

1. Gap analysis

We interview the company's responsible representatives to discuss the standard's requirements, current implementations and future plans. We also include documentation and a configuration review if necessary. The stage finishes with a report indicating gaps in compliance, along with suggestions and recommendations for resolving the identified deficiencies.

2. Remediation consultation

Organised in between the gap analysis and certification (final assessment), this is when clients can voice their concerns and be given clarification regarding their ongoing remediation or alternatives under consideration. 

3. Documentation (optional)

We help to solve daily operational challenges by providing a set of basic templates or developing tailor-made policy and procedural documents.

4. ASV scans

An external vulnerability scan of an organisation’s network is performed, from the outside looking inward. The scan report clearly indicates if a ‘pass’ score was attained, or remediation is required.

5. Cyber security (penetration) tests

A simulated cyberattack is made on the client’s ICT systems, to evaluate the security level of computer networks and ICT systems from outside and inside perspectives. 

6. Certification (final assessment)

A report is prepared based on on-site observations, interviews, reviews and tests. This stage verifies that all remediation activities were done properly, and the company is compliant with the standard. 

Trusted by


98 %

Client retention rate

100 %

Clients pass the audit on the first attempt 

>75 %

Long-term clients for more than seven years 
