As a Qualified Security Assessor (QSA) company, Secur has been approved by the Security Standards Council (SSC) to measure an organization’s compliance with the PCI DSS standard. Secur provide PCI Audit and PCI Certification services for organizations all around the world. Secur audit and assess both service providers and merchants, and we help them maintain compliance year on year.
Key Elements of PCI Audit and PCI Certification Services
- Extensive team based across North America and EMEA
- Strong Project Management capability, ensuring PCI Audits run on time and on budget
- Strong references and testimonials
- Secur is a PA-QSA and a PCI ASV company. Our team have been PCI Auditors since the standard's inception
- Secur have provided speaking slots at the annual PCI Community meetings
Secur have been an active contributor to the PCI standard since its inception and have contributed to many of the PCI Special Interest Groups, including penetration testing, tokenization, and logging and monitoring. Secur provide a range of services around PCI DSS to help organizations maintain compliance, and our comprehensive project management team ensure all audits run to time and on budget.
Our international team of QSA consultants deliver PCI consulting services across the globe, for merchants, service providers and acquirers alike. Secur work with level one and two organizations all the way down to level three and level four merchants. Our focus is on delivering high-quality PCI guidance through a pragmatic, risk-based approach. This approach sets us apart from the crowd and has enabled us to become the trusted partner of many organizations that are working towards, or maintaining, PCI DSS compliance.
Why Choose Secur
Our Global Reach
Through Secur’s presence throughout Africa, the team deliver PCI consulting, PCI auditing and PCI certification services for organizations with a global reach. Secur ensure that each client is provided with both a primary QSA and a secondary QSA on all projects and engagements. This maintains a consistent interface with your organization and generates maximum return on your investment. Secur have a proven methodology and project plan that helps our clients achieve compliance on budget and on schedule.
Secur’s QSA consultants are qualified to perform on-site audits for all merchants as well as being ideally placed to offer focused advice and consultancy on specific requirements. Services are tailored to the individual customer’s requirements but will extend across all 12 of the PCI requirements. Secur delivers policy writing services designed for your organization's specific needs. Additionally, Secur provide penetration testing, ASV services and web application testing services to identify vulnerabilities in your applications and infrastructure. Secur deliver Security Awareness Training (SAT) and secure coding workshops to help improve security knowledge among your users as well as your developers. Secur provide card discovery services, managed detection and response services and Security Operations Centre (SOC) functions to help organizations maintain their PCI compliance programme.
Expectations around PCI audit
Secur is able to provide full-suite services for organizations pursuing PCI certification. It is rare that organizations will have all of the controls in place to achieve compliance if they are only just starting out on the journey. Many organizations ask Secur how long it will take to achieve compliance, and for this there is no definitive answer (a bit like the saying “how long is a piece of string”). That said, for medium-sized organizations that are starting on the PCI journey and already have robust InfoSec policies, procedures and practices, Secur would recommend that it would be prudent to budget 3 months to achieve compliance. For organizations with straightforward environments it may be achievable in less time, and for organizations with larger PCI scopes this duration may need to be extended.
Secur recommends that organizations have a walk-through audit prior to the final audit commencing. This is recommended as there are strict rules defined by the PCI Security Council that govern how final audits are conducted. The run-through process (termed a Pre-Audit) is designed to deliver assurance that the full audit and compliance activity will run to plan and run to budget.
Once organizations have been certified as being PCI Compliant, they will move into a management and maintenance phase. Although many organizations will be relieved that the audit is behind them, the maintenance phase requires consistent demonstration of rigorous process and effective ongoing security practices. Secur is able to provide a range of services to support organizations on an ongoing basis, taking advantage of our custom threat intelligence to ensure that the organizations are in tune with the current cyber threat landscape. Through the custom maintenance methodology that Secur presented at this conference, Secur has supported many organizations in maintaining compliance throughout the ongoing review cycle.
Our PCI DSS consultancy services
- Solution Design Workshop
- PCI DSS scope determination and scope reduction services
- PCI DSS gap analysis and prioritized action planning
- PCI DSS Implementation Support and PCI Self-Assessment Questionnaire (SAQ)
- PCI DSS Report on Compliance (ROC) audit
- P2PE implementation assessments
- Penetration testing and vulnerability scanning services
- ASV Scanning
Our expertise and qualifications
Our QSAs come from a broad and diverse set of backgrounds: IT and network systems administrators, risk and compliance professionals, auditors and software developers. Our certifications include:
What differentiates your managed service from other providers?
Secur understands that Information Security is a process, not an event. Our team ensure that any days that you have purchased are used effectively, even if your organization doesn’t experience a security incident. Any pre-purchased days can be used for a range of activities including:
- Malware analysis and reverse engineering
- Host intrusion analysis / digital forensics
- Network packet capture and analysis
- Data recovery
- Incident Testing
- First Responder Training
- Cyber insurance claims coordination
- Threat Hunting
QUALIFIED SECURITY ASSESSORS
Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS. QSA Employees are individuals who are employed by a QSA Company and have satisfied and continue to satisfy all QSA Requirements.
Please note, the PCI Security Standards Council maintains an in-depth program for security companies seeking to be certified as Qualified Security Assessors, and to be re-certified as QSAs each year.
Certification and re-certification indicate only that the applicable QSA has successfully met all PCI Security Standards Council requirements to perform PCI DSS Assessments, and the PCI Security Standards Council does not endorse these security solution providers or their business processes or practices.