PCI-DSS Compliance
Assisting enterprises achieve and retain PCI-DSS compliance is a core offering of JPN Associates' Security Practice.
All enterprises that store, process and transmit payment card data must comply with the Payment Card Industry Data Security Standard (PCI-DSS). Payment card brands, such as Visa and MasterCard, impose stringent fines and fees on enterprises that do not comply with the requirements; rarely does a small enterprise recover financially from a network breach where card data is compromised. The PCI Security Standards Council (PCI-SSC) has classified merchants into 4 levels, based on the volumes of payment card transactions they process each year. Using our proven methodology, JPN Associates assures level 2 through 4 merchants of achieving PCI-DSS compliance.
Broadly, our methodology comprises architecting improvements in business processes related to payment card data handling and deploying general IT controls for the protection of such data. It begins with documenting the existing, relevant business processes and general IT and physical controls (the "as-is" state), and then architecting the "to-be" states jointly with enterprise stakeholders.
For business processes, the to-be state will focus on needs to access cardholder data, its retention and eventual destruction, for both card present and card not present transactions.
For general IT controls, the focus is on reducing the in-scope network and implementing network security measures, developing strong access controls, and assuring wireless LAN security, among others. JPN understands that small to medium businesses (SMBs) are sensitive to their IT budgets, and has developed templates for deploying low-cost solutions that achieve the required general IT controls. Exemplars include access control solutions, content filtering, and disaster recovery.
Our process for getting enterprises to compliance includes scanning the in-scope IT architecture using the services of an Approved Scanning Vendor (ASV), as mandated by the PCI-SSC. JPN has partnered with such ASVs to assure enterprises of PCI-DSS compliance. The challenge enterprises face, with their limited IT staff, is to interpret the scan results and remediate the vulnerabilities exposed in the report. This is where JPN adds the most value to achieving and retaining PCI-DSS compliance, based on our deep experience with IT security.
JPN's IT security checklist, progressively developed by its security consultants as a result of conducting numerous IT security reviews, ensures that the drive to achieving compliance will be of the shortest possible duration without compromising any aspect of security.
JPN consultants understand that the strongest IT controls are rendered useless if not adopted, bypassed for convenience, or simply ignored. To ensure the effectiveness of deployed controls, JPN conducts user training to reinforce re-architected business processes, newly implemented general IT controls, and incident response procedures.
Call a JPN consultant today for a free one-hour discussion on how your enterprise can become and stay PCI-DSS compliant, and sharply mitigate the risk of a data breach that results in heavy fines, brand damage, and the loss of valuable customers.