Key Elements of PCI Audit and PCI Certification Services

Secur have been an active contributor to the PCI standard since its inception and have contributed to many of the PCI Special Interest Groups including penetration Testing, tokenization and logging and monitoring.  Secur provide a range of services around PCI DSS to help organizations maintain compliance, and our comprehensive project management team ensure all audits run to time and on budget.

Our international team of QSA consultants deliver PCI consulting services across the globe, for both merchants, service providers and acquirers alike. Secur work with level one and two organizations all the way down to level three and level four merchants.  Our focus is on delivering high quality PCI guidance, in a pragmatic and risk based approached. This approach sets us out from the crowd and has enabled us to become the trusted partner of many organizations that are working towards, or maintaining PCI DSS compliance.

Why Choose Secur

Our Global Reach

Through Secur’s presence in throughout Africa, the team deliver PCI consulting, PCI auditing and PCI certification services for organizations with a global reach.  Secur ensure that each client is provided with both a primary QSA and secondary QSA on all projects and engagements. This ensures maintenance of a consistent interface with your organization and generate maximum return on your investment. Secur have a proven methodology and project plan that helps our clients achieve compliance on budget and on schedule.

Our methodology

Secur’s QSA consultants are qualified to perform on-site audits for all merchants as well as being ideally placed to offer focused advice and consultancy on specific requirements. Services are tailored to the individual customer’s requirements but will extend across all 12 of the PCI requirements.  Secur delivers policy writing services, designed for your organizations specific needs. Additionally, Secur  provide penetration testing, ASV services and web ppplication testing services to identify vulnerabilities in your applications and infrastructure. Secur deliver Security Awareness Training (SAT), and secure coding workshops to help improve security knowledge within your users as well as your developers. Secur provide card discovery services, managed detection and response services and Security Operations Centre (SOC) functions to help organizations maintain their PCI compliance programme.

Expectations around PCI audit

Secur is able to provide full-suite services for organizations pursuing PCI certification. It is rare that organizations will have all of the controls in place to achieve compliance if they are only just starting out on the journey.  Many organizations ask Secur how long it will take to achieve compliance, and for this there is no definitive answer(a bit like the saying “how long is a piece of string”).  That said, for medium sized organization that are starting on the PCI journey, that already have robust InfoSec policies, procedures and practices Secur would recommend that it would be prudent to budget 3 months to achieve compliance. For organizations with straight forward environments it may be achievable in less time, and for organizations with larger PCI scopes, so this duration may need to be extended.

Secur’s Recommendations

Secur recommends that organization have a walk-through audit, prior to the final audit commencing.  This is recommended as there are strict rules defined by the PCI Security Council that govern how final audits are conducted. The run through process, (termed as a Pre-Audit) is designed to deliver assurance that the full audit and compliance activity will run to plan and run to budget.

Once organizations have been certified as being PCI Compliant, they will move in to a management and maintenance phase. Although many organizations will be relieved that the audit is behind them, the maintenance phase requires consistent demonstration of rigorous process and effective ongoing security practices. Secur is able to provide a range of services to support organizations on an ongoing basis, taking advantage our custom threat intelligence to ensure that the organizations are in tune with the current cyber threat landscape. Through the custom maintenance methodology that Secur presented at this conference, has supported many organizations in maintaining compliance throughout the ongoing review cycle.

Our PCI DSS consultancy services

• Solution Design Workshop
• PCI DSS scope determination and scope reduction services
• PCI DSS gap analysis and prioritized action planning
• PCI DSS Implementation Support and PCI Self-Assessment Questionnaire (SAQ)
• PCI DSS Report on Compliance (ROC) audit
• P2PE implementation assessments
• Penetration testing and vulnerability scanning services
• ASV Scanning

Our expertise and qualifications

Our QSAs come from a broad and diverse set of backgrounds: IT and Network Systems Administrators, Risk and compliance Professionals, Auditors and software developers. Our certifications include: 

What differentiates your managed service from other providers?

Secur understands that Information Security is a process not an event. Our team ensure that any days that you purchased are used effectively, even if your organization doesn’t experience a security incident. Any pre-purchased days can be used for a range of activities including: