Acertigo provides with its Security Services for PCI a comprehensive set of services to assist banks, processors, payment service providers and merchants in achieving compliance with the PCI-DSS requirements. The proven Acertigo methodology and rendering of services are divided into different stages to assist the customer in achieving compliance. During these stages, Acertigo provides the customer with mandatory and optional services to allow the customer to achieve compliance in an efficient and timely manner. These stages are:
Education and Assessment Preparation
To understand the focus of PCI-DSS and to define the scope of relevant areas, Acertigo provides detailed information and training for the customers to improve the level of attention and understanding of the management and involved staff members.
Compliance Advisory and Support
During this stage the identification of weaknesses and deviations from the requirements of the PCI-DSS is performed. For customers, who have not undergone a PCI validation in the past, Acertigo recommends this phase or parts of this phase to highlight areas of non-compliance and prioritize the respective remediation actions.
Vulnerability Scanning Services
The PCI-DSS requires that vulnerability scans are performed on a regular basis. The scan detects vulnerabilities on the external facing IP addresses of the customers’ network infrastructures to help identifying gaps and to improve the external security.
An onsite review according to the PCI Security Audit Procedures is conducted by Acertigo auditors together with the responsible staff of the customer during an onsite visit. This review addresses processes and procedures, physical and logical security, documentation and security management.