Security-Assessment.com is a certified QSA and QPASC under the PCI Program. We work with you to understand your audit requirements and scope. We are certified to provide you with the following mandated services:
Quarterly Network Vulnerability Scanning.
PCI Onsite Audits.
Payment Application Certification
With Security-Assessment.com you do not just get the scans and onsite audit. You get a partner that wants you to succeed. Even SANS likes our approach.
PCI Advisory Services
PCI Mandated Audits
How an organisation approaches a PCI compliance project is key. Doing it without expert advice can complicate the project and make it a more costly exercise than it should be. Security-Assessment.com can assist you in understanding and identifying a pragmatic and cost-beneficial PCI Compliance Roadmap.
Scope and PCI Compliance Roadmap Implementation.
PCI Compliance Gap Assessments
Self Assessment Questionnaire facilitation
Business Process Reengineering
Security-Assessment.com is a QSA auditor and uses approved scanning tools. We work with you to understand your audit requirements and scope. We are certified to provide you with:
Quarterly Network Vulnerability Scanning.
PCI Onsite Audits.
With Security-Assessment.com you do not just get a scan or an audit, but rather the support and expertise of our whole team of information security specialists.
Security-Assessment.com is one of Asia Pacific's first QPASCs - Qualified Payment Application Security Companies. We are now also authorised to review and assess vendor developed payment applications for certification by Visa.
The PCI DSS defines specific requirements for how applications should be developed if they process, store and transmit credit card and cardholder data. Security-Assessment.com can assist in the proactive identification of PCI application requirements that can be incorporated into the application life cycle:
PCI Requirements Definition
Application and Secure Coding Policies
PCI Application and Architecture Design
Application and Penetration Testing
Development Team Training
Penetration / Web Application testing should be done annually to comply with PCI. It extends the vulnerability assessment by providing tangible evidence that the environment can be compromised and to what extent. Examples of tests include:
Gaining unauthorised access to servers or devices
Obtaining sensitive information
Modifying data
Accessing another customer's information and accounts
Accessing protected functionality without valid credentials