PCI DSS


The Payment Card Industry Data Security Standard (PCI DSS) applies to all organisations that store, process and/or transmit cardholder data. The framework covers technical and operational system elements connected to cardholder data. If you store, process or transmit credit card data you are subject to this standard. GBS is a Qualified Security Assessor (QSA) and as a QSA we are authorised to help your company obtain and maintain PCI DSS compliance. GBS can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer – creating a rounded and comprehensive compliance package. GBS is an Approved Scanning Vendor (ASV) – an organisation with a set of security services and tools available to validate adherence to the external scanning condition of the PCI DSS requirement 11.2. The scanning vendor’s ASV scan solution is always tested and approved by the PCI SSC before an ASV is added to the list of approved scanning vendors.


GRC SOLUTIONS


Most companies have established security standards and procedures in place, but as the world converges on one standard, a reassessment is necessary. A PCI DSS Gap Assessment is an analysis of the differences between established security standards and those demanded by the PCI SSC. The variances, or “gap”, are then determined and corrected. If you have been asked to comply with the PCI DSS by a card brand, an issuing bank, an acquiring bank, a business partner, or a customer who requires it as part of a due diligence exercise, GBS can help you.

GBS’s PCI DSS 360 Gap Analysis is available for both remote and on-site activities. Our process includes interviewing system architects, systems administrators, testing personnel, support staff and others to gather the most information possible – aiding the subsequent analysis and generation of the final PCI DSS Gap Analysis report.

To address PCI requirements 12.5 and 12.6, which refer to the distribution of security policies throughout the existence of a formal security program, GBS will assist you in building these programs and ensuring that these requirements will be met. The GBS 360 Security Awareness Program is designed to help you raise the level of understanding of how important security is today and help you push responsibility .

INFORMATION SECURITY MANAGEMENT


Variances between the PCI DSS and an organisation’s currently established policies and practices detected in the gap assessment need to be addressed. Any entity that accepts payment card transactions must be compliant with all 12 elements of the PCI Data Security Standard. GBS provides individual services for implementing missing elements of an organisation’s security policies to match those of the PCI DSS. Remediation is achieved when solutions and sound policies are implemented that fully address and satisfy the compliance requirements.
• Client Remediation Workshop Projects
• PCI DSS Policies and Procedures
• External ASV Scans in a PCI DSS Scoped Environment
• Cardholder Data Discovery
• Internal Scans of a PCI DSS Scoped Environment
• External Penetration Testing of a PCI DSS Scoped Environment
• Internal Penetration Testing of a PCI DSS Scoped Environment

We are consulting specialists

PCI SECURITY AWARENESS PROGRAM


Our highly international staff have decades of experience in IT Security, having worked directly with the major card brands, acquirers as well as merchants and payment service providers. The GBS Team fully understands the kind of risk and pressure our clients go through to reach their IT security, compliance and governance objectives.
GBS’s 2-day workshop, delivered by a QSA, has three components:

Management Training

A management training session for senior managers, HR executives and CxOs.

Security Awareness

An end-user security awareness training session – including a test of the material.

Session Analysing

A session analysing the company policies and addressing any gaps.
