Regents & Park (R&P) has worked on a number of pre- and post-breach PCI engagements. Utilizing our own PCI-approved methodology and ASV tools, R&P performs Gap Analysis, PCI scanning and full remediation services.
Clients have included, but are not limited to, large, medium and small retail operations, government transportation authorities, and level 1 and 2 service providers with hundreds to tens of millions of credit card transactions processed daily.
A client can expect to receive support in every aspect of reaching and maintaining PCI compliance. Included in the service is the option to have Regents & Park come in annually and reassess compliance with a light but full-coverage review.
Key deliverables of our PCI services include determining whether sufficient operational, technical and administrative security controls are in place and functioning properly to achieve PCI compliance as a merchant with SAQ-D requirements.
Details of PCI Level Merchant Compliance Services Provided by R&P:
1. Annual SAQ D Review and Completion – A review with management of their current state of PCI compliance will take place either in person or via a web conference. If the responses result in a passing grade, a SAQ D will be completed. If the responses do not result in a passing grade, we will proceed to item 3.
- Deliverables: Completed self-assessment questionnaires (SAQ-D) based on findings.
2. Quarterly Milestones – R&P will support the quarterly requirement for vulnerability scan submissions to PCI and management's review as it pertains to PCI compliance.
- Deliverables: Recommendations on remediation, as required.
3. PCI Gap Analysis – As a result of the SAQ D review, remediation items may be identified. If required, a gap analysis will be performed and remediation suggestions made to achieve PCI compliance.
- Deliverables: Prioritized remediation plan addressing all related requirements.
4. Policy and Procedure Review – An annual review of policies and procedures is required to maintain PCI compliance. R&P will perform a detailed review against current standards and identify any changes required to meet PCI compliance.
- Deliverables: Documentation detailing gaps in current Policy and Procedure and suggested remediation steps.
5. Compliance Support Annual – R&P will supply ongoing real-time compliance support (8 AM to 5 PM Pacific Time). This will include supporting updates on PCI requirements, additions and decommissioning of customer locations and, finally, identifying compliance gaps.
- Deliverables: Ongoing telephone support.