PCI QSA Onsite Assessment

PCI QSA Onsite Assessment

Cognosec’s PCI On-site Assessment is a systematic evaluation of an organisations level of compliance to the Payment Card Industry Data Security Standard (PCI DSS), which needs to be performed during the securitisation process and at regular intervals.

Cognosec Services

Cognosec Services

Features

The Payment Card Industry Data Security Standard (PCI DSS) applies to all organisations that store, process and/or transmit cardholder data. The framework covers technical and operational system elements connected to cardholder data. If you store, process or transmit credit card data you are subject to this standard.

Cognosec is a Qualified Security Assessor (QSA) and as a QSA we are authorised to help your company obtain and maintain PCI DSS compliance. Cognosec GmbH can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer –creating a rounded and comprehensive compliance package.

Cognosec is an Approved Scanning Vendor (ASV) – an organisation with a set of security services and tools available to validate adherence to the external scanning condition of the PCI DSS requirement 11.2. The scanning vendor’s ASV scan solution is always tested and approved by the PCI SSC before an ASV is added to the list of approved scanning vendors.

As Cognosec is a Qualified Security Assessor (QSA) for the PCI-DSS and PA-DSS as well as an Approved Scanning Vendor (ASV)– making Cognosec a one-stop-shop for your PCI compliance needs.  Cognosec can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer – creating a rounded and comprehensive compliance package. We are authorised to help your company obtain and maintain PCI DSS compliance.

Cognosec’s PCI On-site Assessment is a systematic evaluation of an organisations level of compliance to the Payment Card Industry Data Security Standard (PCI DSS), which needs to be performed during the securitisation process and at regular intervals. As a Qualified Security Assessor (QSA) we are able to perform an evaluation which covers all twelve requirements of the PCI DSS standard.  A multitude of facets including: technical sampling of in-scope systems, staff interviews and a final policy review – are included, confirming that suitable measures have been taken and that appropriate policies have been put into place. Upon completion of the PCI On-site Assessment, a Report on Compliance (ROC) will be drafted in a format that is acceptable for submission to relevant card brands.

Specification

“As a Qualified Security Assessor (QSA), Cognosec offers the highest quality and smoothest assessment possible. The evaluation will cover a multitude of facets including: technical sampling of in-scope systems, staff interviews and a final policy review – confirming that the suitable measures have been taken and that appropriate policies have been put into place. Upon completion of the PCI On-site Assessment, a Report on Compliance (ROC) will be drafted and will be ready to be submitted to relevant card brands.

There are 5 PCI DSS phases to the Cognosec PCI methodology. Four of them are audit processes and one of them is a half yearly customer review.

  1. Initial Gap Analysis and Onsite Audit
  2. Evaluation of gathered Evidence and Remediation
  3. Report and Review
  4. Project closeout
  5. Half Yearly Review

– For PCI Level 1 Service Providers, to maintain PCI compliance, a PCI On-site Assessment needs to take place absolutely no later than four months (six months is recommended) before the expiration of a PCI certificate, as specified by the card brand listings.

– For PCI Level 1 Merchants, to maintain PCI compliance, a PCI On-site Assessment needs to take place at least four months before the initial PCI compliance date mandated by an acquirer, or four months before the initial re-certification.

Client related activities related to Payment Card Industry Data Security Standard (PCI DSS) are

  1. Validate the scope of the assessment
  2. Contract Drafted & Signed
  3. Onsite Audit Preparation Phase

– Scheduling Phase

– Client Hub Created in Secured OwnCloud

– Client Data Upload to Secured Owncloud

– Policies and Procedures Excel File completed

  1. Conduct PCI Data Security Standard assessments

– Verify all technical information given by merchant or service provider

– Be onsite for the duration of any relevant assessment procedure

– Review the work product that supports the assessment procedures

– Adhere to the PCI DSS Requirements and Security Assessment Procedures

– Select representative samples of business facilities and system components where sampling is employed

–  Evaluate compensating controls (if any)

  1. Produce the final Report on Compliance
  2. Produce the Compliance Certificate
  3. Submit Validation Documents to Card Brands
  4. Client Feedbacks & Testimonials

 

Download as PDF