PCI Compliance


About PCI Compliance

The card payment industry has a formalized standard for security procedures and methods, known as the Payment Card Industry Data Security Standard (PCI DSS). Companies that want to process payment card transactions are required to follow these procedures. The PCI DSS is designed to ensure that companies protect cardholder data both when it is stored (onsite or offsite) and when it is transmitted.

ZenithSecure offers a range of services that help clients improve their overall IT security while meeting the requirements of the card processing industry. ZenithSecure's capabilities enable clients to address core PCI DSS requirements, such as application security and IT security policy development.

Clients need to understand their current level of PCI compliance and use that information to create and follow improvement plans. When they have an issue, they need the ability to correct their processes and procedures. These corrections will help them improve their overall security.

PCI Assessment

As companies examine their PCI DSS compliance, they must acknowledge the gaps that exist in order to identify remediation needs.

An important function of our PCI Assessment is to show clients exactly what their compliance status is now and what they need to change to be in full compliance. Clients must learn where they are in compliance and where they are not.

Wherever they are out of compliance, we will report the issue and create a method for resolving this compliance weakness or gap. The vital outcome of our PCI Assessment is the report, which includes all weaknesses and gaps along with ZenithSecure recommendations for resolving these issues.

The ZenithSecure PCI Assessment procedure follows this process:

  • Assessing a client’s compliance with current PCI DSS standards with an appraisal of the infrastructure components processing cardholder data, including networks, applications, servers and storage devices.
  • Comparing current client procedures and methods for managing cardholder data with the PCI DSS standard, as well as best practices from ZenithSecure experience.
  • Documenting in the ZenithSecure PCI Assessment Report all of the weaknesses and gaps found in client infrastructure components, as well as in their procedures and methods, compared to PCI DSS compliance standards.
  • As the concluding section of this client report, ZenithSecure will recommend necessary improvements and changes which will bring the client into compliance with PCI DSS standards. These will include changes to or improvements in the technology, infrastructure components, policies, procedures and methods currently employed.

Quality Program Management

ZenithSecure assists our clients with their program management to implement their systems and processes for PCI compliance. For clients with existing systems and processes, we assist them in making the necessary changes for full compliance.

These changes will result from our recommendations based upon our findings during the assessment of their current PCI compliance. Our team assists them in deploying technological and procedural changes, quickly and seamlessly.

ZenithSecure will work with your employees, or we can create and employ a quality program management team for your PCI compliance initiative.

To ensure success, we will manage all of the aspects involved in this important project. This management begins with precise documentation to ensure that all participants understand exactly their roles and responsibilities, milestones and goals, time and financial budgets, deadlines, and reports. Working with the document and all parties involved, we will track issues and the need for changes right through to the completion of the project.

ZenithSecure PCI Assessment Services:

  • Create or redefine client policies, procedures and methods for managing cardholder data which are in compliance with the PCI DSS standards.
  • Document and communicate to the client exactly what their PCI compliance status is at this time.
  • Inform clients how to quickly and seamlessly make necessary changes to be in full compliance with the PCI DSS standards.
  • Recommend security changes which bring clients into compliance with PCI standards while enhancing their companywide security.

PCI Training

The ZenithSecure PCI DSS training courses teach clients to diligently follow the procedures and processes established by PCI DSS. The primary focus of the course is on the technical controls and how they can be measured.

This standard is a set of inclusive controls which are designed to manage any risks regarding payment card transactions, particularly over the Internet. Compliance validation is one of the requirements under these standards.

Who Should Attend

  • Managers overseeing PCI DSS compliance
  • External auditors performing PCI DSS validation
  • Security professionals operating in a PCI DSS compliant environment
  • Internal auditors desiring to validate compliance
  • Trainers charged with training employees in PCI DSS procedures
  • Employees who must follow PCI DSS standards

Sampling of Topics

  • Requirements for compliance
  • Compliance guidance for each control
  • Explanation of alternative controls
  • Discussion of determining scope for compliance requirements