Founded in 1995, Lovell Cooper and Associates is an information security consulting company and “Your Partner for a Secure Future.” We excel in security solutions to meet the most demanding security requirements of IT environments with enterprise-wide protection to reduce the security risks posed against organizations.
Services

Why you need a PCI Readiness Assessment

Why start with a PCI Readiness Assessment? Because of the complexity and effort required to meet PCI compliance, organizations that are new to the payments industry requirements would greatly benefit from a PCI Readiness Assessment. An in-depth series of self-guided questionnaires for preparing your organization for compliance, the readiness assessment is a must for understanding scope and the deficiencies within your existing security infrastructure, while helping lay the groundwork for successful compliance with the PCI framework. Moreover, the readiness assessments are conducted off-site, thus minimizing disruption to your operations. Better yet, this series of self-guided questionnaires can be easily completed on your own time. You don't go from first to third without a pit stop at second; the same holds true for PCI DSS compliance. Ensuring a successful assessment for all your PCI needs requires a structured process, beginning with a PCI Readiness Assessment.

PCI Assessments & Reporting from a Trusted Name

The PCI Assessments reporting is the culmination of activities allowing an approved Qualified Security Assessor (QSA) to assist in preparing and/or issuing the required documentation as demanded by the major payment brands. The most commonly used term is the Report on Compliance (ROC). The ROC is what's demanded by Visa for reporting requirements for Service Providers and Merchants. Hence, because of Visa's large market share, the ROC is a common phrase used throughout the industry. However, other major payment brands also have requirements for reporting, such as the Discover DISC Attestation of Compliance form along with the MasterCard Certificate of Validation. Additionally, American Express calls for an annual Executive Summary of Onsite Security Audit Report. And there are more terms and phrases used throughout the major payment brands to describe other reporting requirements.
Let NDB Advisory help you with PCI DSS Self Assessment

Looking to conduct your own PCI Self Assessment? While not all entities will be required to go through an annual onsite review by a Qualified Security Assessor (QSA), a self assessment questionnaire will have to be conducted by many parties. However, this is much more than a simple "questionnaire". Rather, it’s taking the time and putting into place the necessary policies, procedures and security infrastructure needed to meet the requirements of the self assessment questionnaire, which is easier said than done. Lovell Cooper and Associates can provide ample support for ensuring your organization is fully capable of meeting the requirements of the self assessment questionnaire. From a PCI Readiness Assessment to other consultative services we offer, our staff has the tools and industry knowledge to assist your organization. The Payment Card Industry (PCI) Security Standards Council (SSC) has published the self-assessment questionnaire for organizations needing to undertake this task.

PCI Policies & Procedures: Why you need them

As with most regulatory compliance mandates, the inherent weakness for organizations lies in the documentation of their policies and procedures. Payment Card Industry compliance, specifically requirement 12: Maintain a policy that addresses information security for employees and contractors, requires organizations to develop a comprehensive set of documented policies and procedures for their organization. For example, company X may very well do an excellent job of tape/media backup and archival, but is there a documented process that discusses these activities with specific procedures to follow? The same example can be applied across the board to many of the core, functional areas within the PCI framework. In short, you will need to develop documented policies and procedures to suffice for Requirement 12 of PCI and the numerous other areas where these policies and procedures are needed.
What's needed is the development of policies and procedures that are current, accurate, relevant and specific enough in nature to warrant their credibility for purposes of PCI compliance. Lovell Cooper and Associates' personnel have spent years putting together industry best-of-breed Policies & Procedures templates. We have developed a wide range of templates, spreadsheets, documents, and other supporting materials for helping organizations build highly customizable and scalable Policies & Procedures documents for the following areas:
Risk and Compliance
Network Security Testing
Forensics & eDiscovery