Symosis provides PCI DSS Compliance Services

July 9, 2013 - PRLog -- PCI security standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standard applies to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data. PCI DSS comprises a minimum set of requirements for protecting cardholder data, and may be enhanced by additional controls and practices to further mitigate risks.

Symosis can help your comply with PCI DSS and protect critical data using the followng three steps

PCI Assessment and Gap Analysis

Identify areas where an organization does not comply with the Payment Card Industry Data Security Standard (PCI DSS), and outlines areas requiring remediation. The goal is to evaluate your company’s readiness to pass a PCI On-Site Assessment.

• Evaluate operations to determine areas in scope for PCI

• Identify gaps in compliance with PCI-DSS

• Recommend and prioritize remediation activities

• Provide an actionable report for remediation

PCI Remediation

Organizations undergoing initial PCI DSS compliance unearth a laundry list of "must do" action items; areas requiring immediate attention and remediation. Symosis PCI experts can help you effectively fix these issues, save thousands of dollars and hundreds of hours when it comes to an actual PCI Level 1 on-site assessment and move on with PCI Compliance. We use a combination of propriety methodology and open source software to achieve compliance with substantial saving passed on to our customers.

• Develop / Tune information security policies, standards, and guidelines

• Help secure networks environment, system configuration and applications

• Secure stored cardholder data, encrypt data in transit

• Perform required network scanning, code review, penetration testing and vulnerability management

• Provide security awareness training

• Secure access control systems and web application firewalls

• Physical Security

• Track and monitor access to network resources and cardholder data

• Regular Security Testing of In-scope Systems and Processes


PCI Validation & Reporting (SAQ or ROC)

To validate compliance, a merchant or service provider needs to have clean external vulnerability scan reports and one of two assessment documents - A Self Assessment Questionnaire (SAQ) or A Report on Compliance (ROC). Symosis can help you complete an accurate Self Assessment Questionnaire (SAQ) or provide Report on Compliance (ROC) using our QSA partner.

• Provide Guidance/Assist with Self Assessment Questionnaire (SAQ)

• Prepare Report on Compliance (ROC)

• Prepare Quarterly Network Vulnerability Scanning Reports

• Submit Documentation as Required