|
A company that is preparing
for either their first PCI DSS audit or is preparing for
their annual renewal. |
|
A company that believes
it has achieved most of the requirements of the new PCI
DSS Standard Version 1.1 but wants a QSA-certified auditor
to review their procedures and compensating controls prior
to engaging in an expensive audit. |
|
A company that wants
to engage a firm that can both identify and remediate
any potential gaps in PCI DSS compliance before the actual
audit. |
The scope of our Pre-PCI Assessment Services
includes a thorough review of all 6 control areas and 12 requirements
as defined in PCI DSS Standard Version 1.1. The QSA-certified
auditor will prepare a detailed gap analysis and remediation
plan to ensure compliance for the actual audit. Arsenal utilizes
a proprietary application that provides detailed questionnaires,
checklists and scoring to clearly identify areas of concern
The Pre-PCI Assessment covers all 6 control
areas:
|
Build and Maintain a Secure
Network |
|
Protect Cardholder Data |
|
Maintain a Vulnerability
Management Program |
|
Implement Strong Access
Control Measures |
|
Regularly Monitor and
Test Networks |
|
Maintain an Information
Security Policy |
After an initial call, the Arsenal Security
Group Senior Partner will prepare a statement of work within
2 days and we normally can begin an engagement within two
weeks. During the engagement we will use interviews, questionnaires,
physical tours and technical tools to develop our assessment.
One of our Senior Partners will lead the engagement working
with one of our QSA-certified auditors. We will provide an
executive summary, a detailed report with all of our findings
and recommendations, and a final onsite presentation. Our
engagement is not complete until all of our deliverables have
been reviewed and accepted by our client.
About
Arsenal Security Group
Arsenal Security Group is a security
consulting firm that is focused on close client coordination
and collaboration. From the initial meeting through the final
presentation, one of Arsenal Security Group’s Senior
Partners will be the primary contact for all engagement activities.
We proactively conduct weekly calls with our client when engaged
and meet with clients on a quarterly basis to review and understand
their security posture – even when we are not actively
engaged on assignment to ensure they are aware of new security
risks or regulatory changes they may impact their business.
^^ Top |
