PCI DSS Services
Ensuring that credit card information is
stored, processed and transmitted in a
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a global standard authorised by the 5 major payment brands (Visa, Mastercard, American Express, JCB, and Discover). It describes a series of security requirements in 12 different categories.
These requirements can be applied in a tailored way to various environments, for example face-to-face (card-present) transactions, such as in shops and restaurants, or card-not-present transactions, such as via a web site or when ringing a call centre.
However, PCI DSS must, in some shape or form, be adhered to by all entities where card payments are supported and processed. This includes merchants, service providers, acquiring banks, and card issuers.
How PGI can help to protect you
PGI is a Qualified Security Assessor (QSA) company, authorised by the PCI Security Standards Council (SSC) to assess compliance with the PCI DSS 3.2 standard. This version has been mandatory since April 2016.
Our world-class security consultants have been trained and certified by the SSC to carry out client assessments and provide guidance to entities that handle card data.
What we offer to protect you
Whether your company is a large multinational corporation or an SME, PGI can help you meet the PCI DSS requirements. PGI offers four main services that guide an organization through the whole compliance journey or just a part of it, depending on your specific needs.
PCI Compliance Advice
PGI can provide PCI DSS-related advice and guidance on a range of requirements. If you are just starting on your compliance journey, PGI’s qualified consultants can, for example, provide training and awareness workshops, and validate both the scope of your cardholder data environment and the level of acquirer reporting (SAQ or ROC) you will need to complete.
Additionally, we can provide compliance advice on the implementation of specific controls (such as FIM, IDS, WAF, and system configuration hardening), as well as strategies for reducing scope and compliance liability (such as tokenization, P2PE, and use of third-party service providers).
PCI Gap Analysis
The PCI Gap Analysis service is a process by which PGI’s Security Consultants conduct a thorough analysis of a client’s organization with a view to assessing whether it fulfils the PCI standard and identifying any necessary remediation.
The process usually involves site visits to work through a series of workshops and meetings, resulting in an all-inclusive report on the organization’s current PCI compliance state, as well as on the remediation measures needed to fully meet the requirements.
PCI DSS Testing and Monitoring
In order to remain PCI DSS compliant, companies must also undergo the mandatory testing requirements incorporated under the PCI Testing Services umbrella. Mandatory testing requirements, such as vulnerability and penetration tests, are daily, periodic, quarterly and annual.
At PGI, we offer the full spectrum of PCI Testing Services, making it easier for your organisation and staff to complete the PCI compliance journey with minimum effort and headache.
Audit and Compliance Reporting
The PCI DSS Audit and Report on Compliance service offered by PGI is aimed at Level 1 Merchants and Service Providers for their annual Report on Compliance (ROC), which must be completed by a Qualified PCI QSA Company/Consultant.
At the end of the process, the Consultant will also produce an Attestation of Compliance (AOC) to be signed by both the QSA conducting the audit and the Executive Officer of the company being audited.
Product & Pricing
£ Contact for a quote
Get in touch for pricing tailored to suit your needs
Comprehensive requirements assessment
Experienced and knowledgeable consultants
Full and detailed compliance reporting