PCI DSS QSA | ingressum

PCI DSS QSA

Ingressum can help your organisation become PCI DSS (Payment Card Industry Data Security Standard) compliant if you process, store or transmit credit card payments.

What is PCI DSS?
PCI DSS is a standard jointly released by credit card companies and aimed at protecting cardholder data. The standard requires the members, merchants, and service providers using credit card facilities to carry out regular PCI Scans and PCI Security Audits after implementing the standard.
PCI DSS Requirements
PCI DSS version 3.2.1 comprises six control objectives, each containing one or more requirements. In all there are 12 specific requirements under these control objectives. The verification and reporting process may vary depending on the level of the merchant or service provider. An organization is also expected to identify its category or type in order to determine which requirements apply to it.
Benefits of Implementing PCI DSS
Some of the benefits of obtaining PCI DSS are as follows:
  • Provides guidance to organizations for protecting customer data
  • Provides assurance to customers for the secure storage, transmission and use of their personal data
  • Helps avoid fines in case of a mishap
  • Helps determine security posture and improve it
  • Helps prioritize investment in infrastructure

Related Services:

  • IT Audit

  • Penetration Testing

  • Vulnerability Assessment

Ingressum Approach
Ingressum helps organizations meet all the requirements with the help of its robust consulting methodology. 

Build and Maintain a Secure Network: Installing, configuring, and providing guidance on maintaining firewalls, intrusion detection and prevention systems, anti-virus and anti-spyware solutions. Reconfiguring default installations and customizing the setup. Conducting regular internal and external vulnerability assessments.

Secure the Network

Protect Card Holder Data: Identifying the storage, transit channel, transit method, archival and retrieval of credit card data and securing the same. Identifying and implementing the appropriate controls at each data interface and data container.

Protect Card Holder Data

Maintain a Vulnerability Management Program: Conducting regular vulnerability identification, assessment and reporting exercises, followed by implementation of fixes.

Regular Vulnerability Assessments

Implement Strong Access Control Measures: Identifying all logical and physical access points and ensuring that access controls are present as required by the standard. Ensuring independent and reliable authentication and authorization schemes exist for access control.

Strong Access Control

Regularly Monitor and Test Networks: Devising processes to regularly maintain and track network and data access and report any incidents in due time via a risk management procedure.

Regularly test everything

Maintain an Information Security Policy: Drafting and maintaining a well-defined information security policy which addresses all the prerequisites of the standard.

Maintain Security Policies

A typical cycle of credit card information touch points is shown in the diagram below:

Copyright © Ingressum Pty Ltd 2019

Ingressum refers to the Ingressum network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.ingressum.com/structure for further details.
