SlideShare a Scribd company logo

PA DSS solution

R
rory obr
1 of 22
Download to read offline
PA DSS solution
PA DSS process • The Vendor selects a PA-QSA Company from the Council‘s list of recognized PA-QSA Companies and negotiates the cost and any associated PA-QSA Company confidentiality and non-disclosure agreement with the PA-QSA Company; • The Vendor then provides to the PA-QSA Company the Payment Application software, corresponding PA-DSS Implementation Guide, and all associated manuals and other required documentation, including but not limited to the Vendor's signed Vendor Release Agreement; • The PA-QSA Company then assesses the Payment Application, including its security functions and features, to determine whether the application complies with the PA-DSS; • If the PA-QSA Company determines that the Payment Application is in compliance with the PADSS, the PA-QSA Company submits a corresponding ROV to PCI SSC, attesting to compliance and setting forth the results, opinions and conclusions of the PA-QSA Company on all test procedures along with the Vendor‘s signed VRA and the Attestation of Validation; • PCI SSC issues an invoice to the Vendor for the applicable PA-DSS Payment Application • Acceptance Fee. After the Vendor has paid the invoice, PCI SSC reviews the ROV to confirm that it meets the PA- DSS Program requirements, and if confirmed, PCI SSC notifies the PA-QSA Company and Vendor that the Payment Application has successfully completed the process; and • Once the Payment Application successfully completes the above process, the Council signs the Attestation of Validation and adds the Payment Application to the List of Validated Payment Applications on the Website.
The key tasks we can provide • Direct engagement of the PA QSA • We can either work with your existing PA QSA or assist you in finding a reputable one • Vendor selects a PA-QSA Company • We will interface with your PA QSA and ensure they agree to the key deliverables and requirements as well as manage the relation through to sign off • Confidentiality and non-disclosure agreement with the PA-QSA Company • Our contract team can help you draft confidentiality and NDAs • Vendor then provides to the PA-QSA Company the Payment Application software • As part of our interfacing with the PA QSA, we would engage to carry out the initial gap analysis and continue to work in reducing the risk mitigation through to risk sign off. • PA DSS implementation guide • We will work with your development team in the production of your PA DSS implementation guide • Application manual • Working with your development team and technical Authors produce application manuals to meet the PA DSS requirements • Vendor's signed Vendor Release Agreement • we can help you manage vendor environment to make sure it is PCI DSS compliant
Generation of the PA DSS implementation guide Creation of a card data digital foot print for the application Review of the application guidelines to make PA DSS compliant Application review in line with PA DSS 32 point view and assessment to produce implementation guide PCI DSS environmental impact review and baseline
Payment Application is placed on the PCI dashboard
Payment application added to the payment application provider list
Payment application is listed as part of merchant PCI payments, products or system
PA DSS solution
PA DSS solution
PA DSS solution
PA DSS solution
PA DSS solution
PA DSS solution
PA DSS solution
PA DSS solution
PA DSS solution
PA DSS solution
PA DSS solution
PA DSS solution
PA DSS solution
PA DSS solution
PA DSS solution

Recommended

Introduction to PCI DSS
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSSSaumya Vishnoi
 
iSecurity Compliance Evaluator PCI Demo
iSecurity Compliance Evaluator PCI DemoiSecurity Compliance Evaluator PCI Demo
iSecurity Compliance Evaluator PCI DemoRaz-Lee Security
 
Pci ssc quick reference guide
Pci ssc quick reference guidePci ssc quick reference guide
Pci ssc quick reference guideMohammad Makchudul Alam (Arif)
 
PCI DSS Requirements & Security Assessment Procedures | Prep4audit
PCI DSS Requirements & Security Assessment Procedures | Prep4auditPCI DSS Requirements & Security Assessment Procedures | Prep4audit
PCI DSS Requirements & Security Assessment Procedures | Prep4auditPrep4Audit
 
Log Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringLog Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringKimberly Simon MBA
 
P2PE - PCI DSS
P2PE - PCI DSSP2PE - PCI DSS
P2PE - PCI DSSControlCase
 
Requirements and Security Assessment Procedure for C7 To Be PCI DSS Compliant
Requirements and Security Assessment Procedure for C7 To Be PCI DSS CompliantRequirements and Security Assessment Procedure for C7 To Be PCI DSS Compliant
Requirements and Security Assessment Procedure for C7 To Be PCI DSS CompliantOlivia Grey
 
PCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to KnowPCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to KnowAlienVault
 

Recommended

Introduction to PCI DSS
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSSSaumya Vishnoi
 
iSecurity Compliance Evaluator PCI Demo
iSecurity Compliance Evaluator PCI DemoiSecurity Compliance Evaluator PCI Demo
iSecurity Compliance Evaluator PCI DemoRaz-Lee Security
 
Pci ssc quick reference guide
Pci ssc quick reference guidePci ssc quick reference guide
Pci ssc quick reference guideMohammad Makchudul Alam (Arif)
 
PCI DSS Requirements & Security Assessment Procedures | Prep4audit
PCI DSS Requirements & Security Assessment Procedures | Prep4auditPCI DSS Requirements & Security Assessment Procedures | Prep4audit
PCI DSS Requirements & Security Assessment Procedures | Prep4auditPrep4Audit
 
Log Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringLog Monitoring and File Integrity Monitoring
Log Monitoring and File Integrity MonitoringKimberly Simon MBA
 
P2PE - PCI DSS
P2PE - PCI DSSP2PE - PCI DSS
P2PE - PCI DSSControlCase
 
Requirements and Security Assessment Procedure for C7 To Be PCI DSS Compliant
Requirements and Security Assessment Procedure for C7 To Be PCI DSS CompliantRequirements and Security Assessment Procedure for C7 To Be PCI DSS Compliant
Requirements and Security Assessment Procedure for C7 To Be PCI DSS CompliantOlivia Grey
 
PCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to KnowPCI DSS Simplified: What You Need to Know
PCI DSS Simplified: What You Need to KnowAlienVault
 
PA-DSS Certification
PA-DSS CertificationPA-DSS Certification
PA-DSS CertificationUnitedThinkers
 
Gradeon PCI Annual Validation.pptx
Gradeon PCI Annual Validation.pptxGradeon PCI Annual Validation.pptx
Gradeon PCI Annual Validation.pptxGradeon1
 
Secrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance ProjectsSecrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance ProjectsChristopher Foot
 
Cisp payment application_best_practices
Cisp payment application_best_practicesCisp payment application_best_practices
Cisp payment application_best_practiceskcmani15
 
Monetizing the AWS Cloud Leveraging APN Programs, Training, and Support-AWS-P...
Monetizing the AWS Cloud Leveraging APN Programs, Training, and Support-AWS-P...Monetizing the AWS Cloud Leveraging APN Programs, Training, and Support-AWS-P...
Monetizing the AWS Cloud Leveraging APN Programs, Training, and Support-AWS-P...Amazon Web Services
 
A practical guides to PCI compliance
A practical guides to PCI complianceA practical guides to PCI compliance
A practical guides to PCI complianceJisc
 
Quality Clouds for ServiceNow
Quality Clouds for ServiceNowQuality Clouds for ServiceNow
Quality Clouds for ServiceNowAlbert Franquesa
 
Payment Card Industry CMTA NOV 2010
Payment Card Industry CMTA NOV 2010Payment Card Industry CMTA NOV 2010
Payment Card Industry CMTA NOV 2010Donald E. Hester
 
Aranca | Portfolio Valuation (ASC 820 - FAS 157) & Advisory Services
Aranca | Portfolio Valuation (ASC 820 - FAS 157) & Advisory ServicesAranca | Portfolio Valuation (ASC 820 - FAS 157) & Advisory Services
Aranca | Portfolio Valuation (ASC 820 - FAS 157) & Advisory ServicesAranca
 
Software Delivery Model
Software Delivery ModelSoftware Delivery Model
Software Delivery ModelMatt Cowell
 
Software Testing and Quality Assurance Services.pptx
Software Testing and Quality Assurance Services.pptxSoftware Testing and Quality Assurance Services.pptx
Software Testing and Quality Assurance Services.pptxSakshiPatel82
 
PCI-DSS_Overview
PCI-DSS_OverviewPCI-DSS_Overview
PCI-DSS_Overviewsameh Abulfotooh
 
Educause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptxEducause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptxgealehegn
 
PCI Compliance for Community Colleges @One CISOA 2011
PCI Compliance for Community Colleges @One CISOA 2011PCI Compliance for Community Colleges @One CISOA 2011
PCI Compliance for Community Colleges @One CISOA 2011Donald E. Hester
 
SAP License Services by Crayon Software Experts
SAP License Services by Crayon Software ExpertsSAP License Services by Crayon Software Experts
SAP License Services by Crayon Software Expertsm. gravesteijn ? create & connect
 
PCI_Presentation_OASIS
PCI_Presentation_OASISPCI_Presentation_OASIS
PCI_Presentation_OASISDermot Clarke
 
ScopeWeaver_Client Proposition_7Sept
ScopeWeaver_Client Proposition_7SeptScopeWeaver_Client Proposition_7Sept
ScopeWeaver_Client Proposition_7SeptGirish Adsul
 
Government Contracting & The DCAA Regulatory Environment
Government Contracting & The DCAA Regulatory EnvironmentGovernment Contracting & The DCAA Regulatory Environment
Government Contracting & The DCAA Regulatory EnvironmentRaffa Learning Community
 
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070retheauditors
 
GP-PCI-DSS-prodsheet
GP-PCI-DSS-prodsheetGP-PCI-DSS-prodsheet
GP-PCI-DSS-prodsheetMarco Villacorta Olano
 

More Related Content

Similar to PA DSS solution

Gradeon PCI Annual Validation.pptx
Gradeon PCI Annual Validation.pptxGradeon PCI Annual Validation.pptx
Gradeon PCI Annual Validation.pptxGradeon1
 
Secrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance ProjectsSecrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance ProjectsChristopher Foot
 
Cisp payment application_best_practices
Cisp payment application_best_practicesCisp payment application_best_practices
Cisp payment application_best_practiceskcmani15
 
Monetizing the AWS Cloud Leveraging APN Programs, Training, and Support-AWS-P...
Monetizing the AWS Cloud Leveraging APN Programs, Training, and Support-AWS-P...Monetizing the AWS Cloud Leveraging APN Programs, Training, and Support-AWS-P...
Monetizing the AWS Cloud Leveraging APN Programs, Training, and Support-AWS-P...Amazon Web Services
 
A practical guides to PCI compliance
A practical guides to PCI complianceA practical guides to PCI compliance
A practical guides to PCI complianceJisc
 
Quality Clouds for ServiceNow
Quality Clouds for ServiceNowQuality Clouds for ServiceNow
Quality Clouds for ServiceNowAlbert Franquesa
 
Payment Card Industry CMTA NOV 2010
Payment Card Industry CMTA NOV 2010Payment Card Industry CMTA NOV 2010
Payment Card Industry CMTA NOV 2010Donald E. Hester
 
Aranca | Portfolio Valuation (ASC 820 - FAS 157) & Advisory Services
Aranca | Portfolio Valuation (ASC 820 - FAS 157) & Advisory ServicesAranca | Portfolio Valuation (ASC 820 - FAS 157) & Advisory Services
Aranca | Portfolio Valuation (ASC 820 - FAS 157) & Advisory ServicesAranca
 
Software Delivery Model
Software Delivery ModelSoftware Delivery Model
Software Delivery ModelMatt Cowell
 
Software Testing and Quality Assurance Services.pptx
Software Testing and Quality Assurance Services.pptxSoftware Testing and Quality Assurance Services.pptx
Software Testing and Quality Assurance Services.pptxSakshiPatel82
 
Educause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptxEducause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptxgealehegn
 
PCI Compliance for Community Colleges @One CISOA 2011
PCI Compliance for Community Colleges @One CISOA 2011PCI Compliance for Community Colleges @One CISOA 2011
PCI Compliance for Community Colleges @One CISOA 2011Donald E. Hester
 
PCI_Presentation_OASIS
PCI_Presentation_OASISPCI_Presentation_OASIS
PCI_Presentation_OASISDermot Clarke
 
ScopeWeaver_Client Proposition_7Sept
ScopeWeaver_Client Proposition_7SeptScopeWeaver_Client Proposition_7Sept
ScopeWeaver_Client Proposition_7SeptGirish Adsul
 
Government Contracting & The DCAA Regulatory Environment
Government Contracting & The DCAA Regulatory EnvironmentGovernment Contracting & The DCAA Regulatory Environment
Government Contracting & The DCAA Regulatory EnvironmentRaffa Learning Community
 
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070retheauditors
 

Similar to PA DSS solution (20)

PA-DSS Certification
PA-DSS CertificationPA-DSS Certification
PA-DSS Certification
 
Gradeon PCI Annual Validation.pptx
Gradeon PCI Annual Validation.pptxGradeon PCI Annual Validation.pptx
Gradeon PCI Annual Validation.pptx
 
Secrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance ProjectsSecrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance Projects
 
Cisp payment application_best_practices
Cisp payment application_best_practicesCisp payment application_best_practices
Cisp payment application_best_practices
 
Monetizing the AWS Cloud Leveraging APN Programs, Training, and Support-AWS-P...
Monetizing the AWS Cloud Leveraging APN Programs, Training, and Support-AWS-P...Monetizing the AWS Cloud Leveraging APN Programs, Training, and Support-AWS-P...
Monetizing the AWS Cloud Leveraging APN Programs, Training, and Support-AWS-P...
 
A practical guides to PCI compliance
A practical guides to PCI complianceA practical guides to PCI compliance
A practical guides to PCI compliance
 
Quality Clouds for ServiceNow
Quality Clouds for ServiceNowQuality Clouds for ServiceNow
Quality Clouds for ServiceNow
 
Payment Card Industry CMTA NOV 2010
Payment Card Industry CMTA NOV 2010Payment Card Industry CMTA NOV 2010
Payment Card Industry CMTA NOV 2010
 
Aranca | Portfolio Valuation (ASC 820 - FAS 157) & Advisory Services
Aranca | Portfolio Valuation (ASC 820 - FAS 157) & Advisory ServicesAranca | Portfolio Valuation (ASC 820 - FAS 157) & Advisory Services
Aranca | Portfolio Valuation (ASC 820 - FAS 157) & Advisory Services
 
Software Delivery Model
Software Delivery ModelSoftware Delivery Model
Software Delivery Model
 
Software Testing and Quality Assurance Services.pptx
Software Testing and Quality Assurance Services.pptxSoftware Testing and Quality Assurance Services.pptx
Software Testing and Quality Assurance Services.pptx
 
PCI-DSS_Overview
PCI-DSS_OverviewPCI-DSS_Overview
PCI-DSS_Overview
 
Educause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptxEducause+PCI+briefing+4-19-20162345.pptx
Educause+PCI+briefing+4-19-20162345.pptx
 
PCI Compliance for Community Colleges @One CISOA 2011
PCI Compliance for Community Colleges @One CISOA 2011PCI Compliance for Community Colleges @One CISOA 2011
PCI Compliance for Community Colleges @One CISOA 2011
 
SAP License Services by Crayon Software Experts
SAP License Services by Crayon Software ExpertsSAP License Services by Crayon Software Experts
SAP License Services by Crayon Software Experts
 
PCI_Presentation_OASIS
PCI_Presentation_OASISPCI_Presentation_OASIS
PCI_Presentation_OASIS
 
ScopeWeaver_Client Proposition_7Sept
ScopeWeaver_Client Proposition_7SeptScopeWeaver_Client Proposition_7Sept
ScopeWeaver_Client Proposition_7Sept
 
Government Contracting & The DCAA Regulatory Environment
Government Contracting & The DCAA Regulatory EnvironmentGovernment Contracting & The DCAA Regulatory Environment
Government Contracting & The DCAA Regulatory Environment
 
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
SAS 70 in a Post-Sarbanes, SaaS World: Quest Session 52070
 
GP-PCI-DSS-prodsheet
GP-PCI-DSS-prodsheetGP-PCI-DSS-prodsheet
GP-PCI-DSS-prodsheet
 

PA DSS solution

  • 2. PA DSS process • The Vendor selects a PA-QSA Company from the Council‘s list of recognized PA-QSA Companies and negotiates the cost and any associated PA-QSA Company confidentiality and non-disclosure agreement with the PA-QSA Company; • The Vendor then provides to the PA-QSA Company the Payment Application software, corresponding PA-DSS Implementation Guide, and all associated manuals and other required documentation, including but not limited to the Vendor's signed Vendor Release Agreement; • The PA-QSA Company then assesses the Payment Application, including its security functions and features, to determine whether the application complies with the PA-DSS; • If the PA-QSA Company determines that the Payment Application is in compliance with the PADSS, the PA-QSA Company submits a corresponding ROV to PCI SSC, attesting to compliance and setting forth the results, opinions and conclusions of the PA-QSA Company on all test procedures along with the Vendor‘s signed VRA and the Attestation of Validation; • PCI SSC issues an invoice to the Vendor for the applicable PA-DSS Payment Application • Acceptance Fee. After the Vendor has paid the invoice, PCI SSC reviews the ROV to confirm that it meets the PA- DSS Program requirements, and if confirmed, PCI SSC notifies the PA-QSA Company and Vendor that the Payment Application has successfully completed the process; and • Once the Payment Application successfully completes the above process, the Council signs the Attestation of Validation and adds the Payment Application to the List of Validated Payment Applications on the Website.
  • 3. The key tasks we can provide • Direct engagement of the PA QSA • We can either work with your existing PA QSA or assist you in finding a reputable one • Vendor selects a PA-QSA Company • We will interface with your PA QSA and ensure they agree to the key deliverables and requirements as well as manage the relation through to sign off • Confidentiality and non-disclosure agreement with the PA-QSA Company • Our contract team can help you draft confidentiality and NDAs • Vendor then provides to the PA-QSA Company the Payment Application software • As part of our interfacing with the PA QSA, we would engage to carry out the initial gap analysis and continue to work in reducing the risk mitigation through to risk sign off. • PA DSS implementation guide • We will work with your development team in the production of your PA DSS implementation guide • Application manual • Working with your development team and technical Authors produce application manuals to meet the PA DSS requirements • Vendor's signed Vendor Release Agreement • we can help you manage vendor environment to make sure it is PCI DSS compliant
  • 4. Generation of the PA DSS implementation guide Creation of a card data digital foot print for the application Review of the application guidelines to make PA DSS compliant Application review in line with PA DSS 32 point view and assessment to produce implementation guide PCI DSS environmental impact review and baseline
  • 5. Payment Application is placed on the PCI dashboard
  • 6. Payment application added to the payment application provider list
  • 7. Payment application is listed as part of merchant PCI payments, products or system