PCI DSS Compliance

The PCI DSS is set up to provide organisations with a minimum set of prescribed controls to proactively protect customer account data and prevent its disclosure to malicious third parties. The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis. (www.pcisecuritystandards.org)

Because of its breadth, the PCI DSS poses many and varied challenges to an organisation. Achieving and maintaining compliance is not simply a technical issue. The independent validation of PCI compliance can be conducted by Qualified Security Assessors only.

Dimension Data New Zealand is a Qualified Security Assessor (QSA) company that provides PCI DSS onsite reviews. Dimension Data New Zealand's QSAs work with you to understand your compliance requirements.

With Security-Assessment.com you do not just get the annual penetration testing, quarterly scans and a Dimension Data New Zealand onsite review. You get a security partner that wants you to succeed. Our approach helps to ensure that our clients are achieving, validating and maintaining their compliance.

PCI Advisory Services

How an organisation approaches PCI compliance projects is key. Doing it without expert advice can complicate the project and make it a more costly exercise than it should be. Security-Assessment.com can assist you in understanding and identifying a pragmatic and cost-beneficial PCI Compliance Roadmap.

  • Scope and PCI Compliance Roadmap Implementation
  • Current state assessment against PCI DSS
  • PCI Compliance Gap Assessments
  • Self Assessment Questionnaire facilitation
  • Business Process Reengineering
  • Onsite PCI validation (Dimension Data New Zealand)
  • Certificate of Compliance (Issued by Dimension Data New Zealand)

PCI Assurance Services

Dimension Data New Zealand is a PCI QSA company. We are able to provide a number of the PCI mandated services as per PCI DSS:

  • Quarterly Network Vulnerability Scanning through our ASV partner Qualys (managed or self-managed)
  • Annual Penetration Testing (External and Internal)
  • Application security assessments

Penetration / Application testing should be done annually to comply with PCI. It extends the vulnerability assessment by providing tangible evidence that the environment can be compromised and to what extent. Examples of tests include:

  • Gaining unauthorised access to servers or devices
  • Obtaining sensitive information
  • Modifying data
  • Accessing another customer's information and accounts
  • Accessing protected functionality without valid credentials

Security-Assessment.com’s independent PCI solutions support your efforts to evaluate your current readiness for PCI assessments, provide recommendations and findings, and implement strong controls to help you maintain a consistent PCI compliance environment.

Drawing on an in-depth understanding of today's security threat landscape and backed by extensive experience in the IT security field, Security-Assessment.com is able to provide a security partnership to help you meet not only PCI compliance but also any other data integrity and privacy initiatives.

Security-Assessment.com firmly believes in educating its clients about compliance-as-an-ongoing-process. Security-Assessment.com understands that purchasing approved security products does not ensure compliance. Rather, organisations need to be cognisant not only of how they implement the solution, but of how they "manage and maintain those systems" as well.