PCI AUDIT & PCI CERTIFICATION
As a Qualified Security Assessor (QSA) company, Secur has been approved by the Security Standards Council (SSC) to measure an organization’s compliance with the PCI DSS standard. Secur provide PCI Audit and PCI Certification services for organizations all around the world. Secur audit and assess both service providers and merchants, and we help them maintain compliance year on year.
Key Elements of PCI Audit and PCI Certification Services
- Extensive team based across North America and EMEA
- Strong Project Management capability, ensuring PCI Audits run on time and on budget
- Strong references and testimonials
- Secur is a PA-QSA and a PCI ASV company. Our team have been PCI Auditors since the standard’s inception
- Secur have provided speaking slots at the annual PCI Community meetings
- Additional PCI alignment services. Secur can support organizations in aligning with ISO27001, NIST CSF, CIS, SANS and Cyber Essentials Plus to achieve synergy across cyber security standards and frameworks
- Supporting PCI Services such as Vulnerability Assessments, Penetration Testing, Policy Writing and Managed SOC Services
Secur have been an active contributor to the PCI standard since its inception and have contributed to many of the PCI Special Interest Groups, including penetration testing, tokenization, and logging and monitoring. Secur provide a range of services around PCI DSS to help organizations maintain compliance, and our comprehensive project management team ensure all audits run to time and on budget.
Our international team of QSA consultants deliver PCI consulting services across the globe for merchants, service providers and acquirers alike. Secur work with level one and two organizations all the way down to level three and level four merchants. Our focus is on delivering high-quality PCI guidance through a pragmatic, risk-based approach. This approach sets us apart from the crowd and has enabled us to become the trusted partner of many organizations that are working towards, or maintaining, PCI DSS compliance.
Why Choose Secur
Our Global Reach
Through Secur’s presence throughout Africa, the team deliver PCI consulting, PCI auditing and PCI certification services for organizations with a global reach. Secur ensure that each client is provided with both a primary QSA and a secondary QSA on all projects and engagements. This ensures maintenance of a consistent interface with your organization and generates maximum return on your investment. Secur have a proven methodology and project plan that helps our clients achieve compliance on budget and on schedule.
Secur’s QSA consultants are qualified to perform on-site audits for all merchants as well as being ideally placed to offer focused advice and consultancy on specific requirements. Services are tailored to the individual customer’s requirements but will extend across all 12 of the PCI requirements. Secur delivers policy writing services designed for your organization’s specific needs. Additionally, Secur provide penetration testing, ASV services and web application testing services to identify vulnerabilities in your applications and infrastructure. Secur deliver Security Awareness Training (SAT) and secure coding workshops to help improve security knowledge among your users as well as your developers. Secur provide card discovery services, managed detection and response services and Security Operations Centre (SOC) functions to help organizations maintain their PCI compliance programme.
Expectations around PCI audit
Secur is able to provide full-suite services for organizations pursuing PCI certification. It is rare that organizations will have all of the controls in place to achieve compliance if they are only just starting out on the journey. Many organizations ask Secur how long it will take to achieve compliance, and for this there is no definitive answer (a bit like the saying “how long is a piece of string”). That said, for medium-sized organizations that are starting on the PCI journey and that already have robust InfoSec policies, procedures and practices, Secur would recommend that it would be prudent to budget 3 months to achieve compliance. For organizations with straightforward environments it may be achievable in less time, and for organizations with larger PCI scopes this duration may need to be extended.
Secur recommends that organizations have a walk-through audit prior to the final audit commencing. This is recommended as there are strict rules defined by the PCI Security Council that govern how final audits are conducted. The run-through process (termed a Pre-Audit) is designed to deliver assurance that the full audit and compliance activity will run to plan and run to budget.
Once organizations have been certified as being PCI Compliant, they will move into a management and maintenance phase. Although many organizations will be relieved that the audit is behind them, the maintenance phase requires consistent demonstration of rigorous process and effective ongoing security practices. Secur is able to provide a range of services to support organizations on an ongoing basis, taking advantage of our custom threat intelligence to ensure that the organizations are in tune with the current cyber threat landscape. The custom maintenance methodology that Secur presented at this conference has supported many organizations in maintaining compliance throughout the ongoing review cycle.
What differentiates your managed service from other providers?
Secur understands that Information Security is a process, not an event. Our team ensure that any days that you have purchased are used effectively, even if your organization doesn’t experience a security incident. Any pre-purchased days can be used for a range of activities including:
- Malware analysis and reverse engineering
- Host intrusion analysis / digital forensics
- Network packet capture and analysis
- Data recovery
- Incident Testing
- First Responder Training
- Cyber insurance claims coordination
- Threat Hunting