
PCI DSS Compliance

The objective of the PCI DSS Compliance (Payment Card Industry - Data Security Standard) is to implement a global programme to significantly reduce the risk to card holder information held by merchants. The PCI DSS Compliance is a standard against which all businesses that store, process or transmit Primary Account Number (PAN) data need to comply with, regardless of the merchant level they are rated at.


MTI holds PCI QSA status (Qualified Security Assessor)

Your PCI DSS Compliance Questions Answered

Q1. What are the twelve major requirements of the PCI DSS Compliance?

The standard comprises twelve major requirements, which are further grouped under six related 'control objectives' as shown below:

  1. Build and Maintain a Secure Network
    Requirement 1: Install and maintain a firewall configuration to protect cardholder data
    Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
  2. Protect Cardholder Data
    Requirement 3: Protect stored cardholder data
    Requirement 4: Encrypt transmission of cardholder data across open, public networks
  3. Maintain a Vulnerability Management Program
    Requirement 5: Use and regularly update anti-virus software
    Requirement 6: Develop and maintain secure systems and applications
  4. Implement Strong Access Control Measures
    Requirement 7: Restrict access to cardholder data by business need-to-know
    Requirement 8: Assign a unique ID to each person with computer access
    Requirement 9: Restrict physical access to cardholder data
  5. Regularly Monitor and Test Networks
    Requirement 10: Track and monitor all access to network resources and cardholder data
    Requirement 11: Regularly test security systems and processes
  6. Maintain an Information Security Policy
    Requirement 12: Maintain a policy that addresses information security

More information is available at: https://www.pcisecuritystandards.org


Q2. How can MTI assist our organisation to achieve PCI DSS Compliance?

The process we use can be briefly outlined as follows:

  1. Minimise the PCI DSS Footprint: As the PCI DSS only applies to the network and application infrastructure that transmits or stores credit card data elements, MTI's first priority is to analyse the environment and make recommendations that shrink the 'in-scope' component of the network and application infrastructure to its smallest practical footprint, reducing both the PCI compliance footprint and the associated costs.
  2. Select the Correct SAQ and Validate the Assessment Output: Once the PCI DSS 'in-scope' environment is minimised, MTI will assist your organisation to determine which self-assessment questionnaire (SAQ) is applicable, facilitate the collection of the data required against the SAQ, and then validate the output against the requirements of the standard.
  3. Develop a Remediation Roadmap: MTI will work with your organisation to develop a 'roadmap to compliance' which, when implemented, will leave your organisation fit and ready for a QSA to conduct a PCI DSS Compliance audit and sign off your compliant status.

Q3. Why is MTI's PCI QSA status important and what does it mean?

Larger organisations that handle cardholder data are required by the PCI to have their compliance assessments carried out by a PCI Qualified Security Assessor (QSA). QSAs have undergone training and examination and have been certified by the Council to validate an entity's adherence to the PCI DSS.

As a QSA-certified company, MTI is in a position to help and advise organisations of all sizes to the highest standards.


Next Steps...

If you would like more information regarding PCI DSS Compliance please contact the MTI security consultancy team to discuss your requirements. You may also be interested in our ISO 27001 Consultancy solutions.

  • CHECK Green Light Member
  • Member of the Council of Registered Ethical Security Testers
