Compliance


PCI COMPLIANCE

More and more, businesses are facing heightened data-protection compliance requirements imposed by law, regulation, partners and others. The challenge faced by most businesses is identifying a simple, practical pathway to achieve compliance while keeping the impact to the business as low as possible. Hiring a team of in-house subject matter experts is not an option for most small to medium-sized businesses, which is why Security Validation is poised to chart a path towards your compliance.
Your business can avail itself of our expertise and vast suite of tools, which can be leveraged and tailored to fit your business model. We’ll work with your internal compliance, legal or technical staff, training them to manage risk.
We can devise and help you implement a Risk Management framework to detect, remediate, monitor and report privacy or security related risks. 
Whether it’s a program implemented to manage privacy or security risk, Security Validation can work with your internal teams to develop an organizational program. Such programs are critical for understanding what data you have and where it is and what the risks are to that data, and for developing processes and controls to monitor those risks.
Having a solid risk management program is a major component towards demonstrating to regulators and others that you exercised due diligence to reduce your data risk as well as to comply with the relevant law, regulation and framework. 
Security Validation’s compliance experts can perform onsite or remote gap analyses and assessments; process & controls design; privacy and security training; custom policies, processes, procedures; technical evaluation of your systems, and much more.

Laws/Regulations/Frameworks

HIPAA/HITECH
GLBA
COPPA
E.U.’s GDPR
U.S. Privacy Shield
UK’s Cyber Essentials
ISO 27000
NIST
PCI-DSS

Onsite Assessments

A Security Consultant will visit each of your locations and conduct an in-depth analysis of the security posture of your property. Using the Payment Card Industry Data Security Standard, we will analyze and provide detailed reporting on the gaps in the people, processes and technologies used to run your business. We will then provide you with a detailed project plan to help guide you through the remediation efforts.

Comprehensive Compliance Program

Security Training and Awareness delivered to your entire staff via our hosted LMS
Customized Policies, Processes and Procedures tailored to each property
In-depth technical review of all key systems (includes POS and PMS)
Vulnerability Scanning of all Internal Systems
Monthly scans of all your Internet facing devices (ASV Scans)
Delivery of a complete Compliance workbook that includes all collected documentation
Detailed Remediation Plan
24 Hour Help Desk Support for all Security Questions
Preparation of your Self-Assessment Questionnaire 

Detailed GAP Analysis

Many of our Security Consultants come from the Hospitality Industry. They understand how difficult it is to balance the guest experience and sound security practices. It is this knowledge, and the ability to guide our clients so that they can achieve PCI Compliance with little or no impact to their guests, that makes Security Validation so valuable. We understand your business! We were born from the hospitality business and we are your Trusted Advisors all year long! Our Security Consultants will prepare a detailed Gap Analysis. This will identify all of the data security and data privacy weaknesses in your people, processes and technologies. We then help guide you as you remediate the gaps and place yourself on the road to PCI Compliance. Our service doesn’t stop there! As your Trusted Advisors we are committed to you for the entire year. We will continue to provide guidance, awareness and support to not only bring you to a compliant state but keep you there!

Internal Vulnerability Assessments

A cornerstone of any compliance engagement is knowing where the vulnerabilities lie, what systems are out of patch and what hot-fixes need to be applied to prevent unauthorized access to your key systems. As part of our Comprehensive Compliance Program, Security Validation does a deep-dive Vulnerability Assessment of all the systems on property. We then provide you with a detailed, prioritized project plan that will guide you through the necessary remediation efforts.
Security Validation can also provide periodic scanning of your internal systems to validate and ensure your systems remain patched all year long.

External Vulnerability Assessments (ASV)

Also part of our offering is monthly scans of all your externally facing IP Addresses. The PCI Requirement is that each merchant produce four quarterly clean scans. Security Validation scans your assets monthly to help uncover any vulnerabilities, providing enough lead time to cure the gaps prior to producing clean scans to your banks.

Training and Awareness

Securing the financial and personal information of our guests starts with our people. A sound training and awareness program means that associates receive training on a regular basis. It also means that keeping security best practices in the forefront of everyone’s mind helps to make for a more secure property. Security Validation, as part of its Comprehensive Compliance Program, provides computer-based training and awareness programs for every employee at the property. We also provide posters, periodic email tips and reminders, and other collateral to assist in keeping your staff informed.