What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a global security standard mandated by the leading card schemes, including Visa and MasterCard. Although compliance with the standard is not a legislative requirement in Australia, your business is most likely required to become compliant by your payment provider. Non-compliance by a merchant or service provider may incur severe penalties and brand damage in the event of a security incident.
Cliffside Security can enable your PCI DSS compliance through the following services:
Scope discovery, definition and reduction
We work with your teams to identify and map all business processes in your organisation that utilise credit card numbers (reconciliation, settlement, claims, etc.). Once identified, we will propose actions to reduce the scope to the bare minimum, saving you precious time and resources.
Once the scope has been defined and the compliance boundary around your business is well understood, we perform a PCI DSS gap assessment to identify where shortcomings in people, processes and technology could hinder your progress.
We will then prepare a remediation plan and roadmap based on the gap assessment results, taking account of your existing projects and any future increase or reduction in scope. The roadmap can be shared with your payment service provider to demonstrate commitment and keep them abreast of your progress.
Continuous Assessment & QSA Engagement
Once remediation for a given gap is concluded, we will update the remediation plan to reflect your current level of compliance. As ex-QSAs, we understand what the assessors will be looking for, and in what format. Cliffside Security consultants can manage the QSA engagement on your behalf, or alongside you as a partner, ensuring that expenditure on onerous PCI QSA engagements is kept to a minimum.