Payment Card Industry - Data Security Standard (PCI-DSS)


A few ways we help our PCI-DSS Clients ...

  • Attestation of Compliance (AoC)
  • Report on Compliance (RoC)
  • Penetration Test
  • Risk Assessment
  • ASV Vulnerability Scan and Remediation
  • Security Awareness Program
  • Implement and Manage the 12 Requirements (PCI Data Security Standard)
  • Version 4.0 Readiness
  • Continuous Compliance using Automation Processes

  • Click here to contact us today for a no-cost, no-obligation consultation unique to your PCI-DSS compliance environment! Make security the way you do business!

    If you accept credit cards as a form of payment, PCI-DSS is for you! The trend toward a less cash-dependent economy has drawn more businesses into accepting cards as payment for their goods and services. This is a convenience for customers and clients. It is also an additional compliance requirement for the Merchant accepting this form of payment.

    The Payment Card Industry - Security Standards Council (PCI-SSC) is the governing body for the payment card process and sets the standards that secure card transactions. Generally speaking, there are 12 Requirements which all PCI Merchants must manage effectively within their organization in order to keep offering card transactions as a method of payment.

    The current version of PCI-DSS is v3.2.1. All Merchants, whether large (Level 1) or smaller (Levels 2, 3, or 4), must meet the same 12 Requirements, known as the PCI Data Security Standard.


    What is Required of you to maintain Compliance ...

  • Build and Maintain a Secure Network and Systems
    1. Install and maintain a firewall configuration to protect cardholder data
    2. Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect Cardholder Data
    3. Protect stored cardholder data
    4. Encrypt transmission of cardholder data across open, public networks
  • Maintain a Vulnerability Management Program
    5. Protect all systems against malware and regularly update antivirus software or programs
    6. Develop and maintain secure systems and applications
  • Implement Strong Access Control Measures
    7. Restrict access to cardholder data by business need to know
    8. Identify and authenticate access to system components
    9. Restrict physical access to cardholder data
  • Regularly Monitor and Test Networks
    10. Track and monitor all access to network resources and cardholder data
    11. Regularly test security systems and processes
  • Maintain an Information Security Policy
    12. Maintain a policy that addresses information security for all personnel

    There are specific security controls behind each of the 12 Requirements, and each is audited for compliance. Compliance is required in order to continue accepting card transactions as an authorized payment form. While an audit of the PCI-DSS Program typically occurs once annually, near the end of the PCI-DSS calendar year, demonstrated continuous compliance within your PCI-DSS Program is required (v3.1 going forward) throughout the year.

    Digital Assurance Advisors offers full PCI-DSS Program service. Level 1 Merchants are required to engage an outside audit firm annually; Level 2, 3 or 4 Merchants also value our Process-based Outcome model, which ensures compliance and handles complex issues that may not justify full-time staff in-house.

    Digital Assurance Advisors also offers incremental PCI-DSS Program service for every need short of full service.