PCI DSS Consulting
What is PCI DSS?
The PCI DSS is a minimum set of technical and organisational requirements designed to help businesses protect customers’ cardholder data against fraud through robust payment security.
All organisations that accept or process credit card payments are required to undertake an annual PCI DSS audit of security controls and processes, covering areas of data security such as retention, encryption, physical security, authentication and access management.
How Ejaf will help you to get PCI compliant?
Ejaf is the only company authorized in Iraq to provide the PCI DSS audit services. Ejaf offers pre-assessment, consulting and audit services through the Qualified Security Assessors (QSA) licensed by the PCI SSC. As an industry leader in payments security space, we can help you understand your requirements, assess your current state of compliance, identify gaps and threats, and supports you to remediate the gaps and risks in order to achieve the PCI Compliance.
The services we offer in the PCI DSS compliance road map can be grouped into three categories:
There is no one-size-fits-all solution to every security problem. We are flexible and only offer what our clients need when it comes to IT security professional services. As such, we thrive on small or large scale projects; whether it is just a half-day security infrastructure review, or Firewall rule optimization, or an exhausted review of your overall cyber security solution. By using the considerable knowledge and compliance expertise of our consultants, Ejaf remediation services helps minimizing your risk of non-compliance and maximizing your investment.
A Pre-Assessment “Readiness review” lays the groundwork and prepares you for undergoing a successful PCI assessment. In our experience, this also helps to prioritize efforts, establish milestones, and lowers the risk of surprises during the compliance process. We do not take a one-size-fits-all approach. Instead, we customize our approaches to focus on the areas where you need the most assistance and set priorities. A matrix of evidence mapping will be provided to assist the client in prioritizing next steps and remediation. Strategic recommendations are provided at the end of the Pre-Assessment.
PCI Compliance Scoping
Defining and minimizing the appropriate scope for your credit card data environment is a critical part of our approach, especially for a client who is planning their first PCI assessment. Our consultants identifying in-scope components and processes. Depending upon the needs of our clients, we will provide a scope document and other required reports such as a “Next Steps Report” to aid in planning and in making strategic decisions.
This goes beyond the Pre-Assessment Readiness Review. Our QSA consultants will review and analyse the supporting PCI related data in greater detail and the data mapping is key to identifying gaps and areas of weakness. Our consultants provide remedial advisory along the way. A GAP report will document our findings, recommendations, and a road map to achieve compliance.
Report on Compliance (ROC)
For our Report on Compliance service (ROC), our QSA will focus on all pertinent areas of the current PCI DSS standard and dive into the details associated with each required control. Our PCI Compliance services utilize a combination of remote and onsite interviews, documentation review, walk-through of cardholder data processing environments, examining process flows, support systems, and all other areas associated with card-data processing. Once compliant, an Attestation of Compliance is completed at the end of the project.
Self Assessment Questionnaire
Our QSAs will provide guidance and assistance to service providers and merchants that wish to complete their own PCI Self-Assessment Questionnaire (SAQ). They will evaluate client’s SAQ and verify whether the client has sufficient evidence to support their compliance assessment. Our consultants will provide valuable information to assist clients in making informed decisions on their PCI compliance status for each of the requirements.
PCI Continuous Compliance
Maintaining PCI-DSS compliance between assessments can be a challenging proposition, it cannot be considered a once a year event. Our consultant will work with you to establish compliance checkpoints throughout the year. This program is tailored to the specific needs of individual clients. It has several benefits, including in helping plan compliance activities, reduce annual PCI DSS assessment efforts through continual compliance demonstration, and increasing compliance sustainability by elimination of compensating controls.