PCI & PA DSS Compliance Service

A specialist service for Payday loan service providers or Application developers. The service covers PA DSS,PCI DSS, Data Protection, Information Security and Secure Application Development (OWASP).

  1. For loan service providers and payment software developers: PCI & PA DSS compliance service. Ben Oguntala, LL.B Hons, LL.M, BVC (IPR), IT Law Consultant & Compliance Specialist. Ben.oguntala@riesgoriskmanagement.com, 07812 039 867, www.riesgoriskmanagement.com
  2. Service overview (diagram with five columns; the labels below are regrouped by column as they appear on the slide)
     Data Protection Act: Registration with the ICO; Definition of business purposes; Information sharing; Privacy Impact Assessment; Privacy policy
     Supplier Management: No. of suppliers; No. of information shared; Supplier agreement contracts; Supplier audits
     PCI DSS: Build & maintain a secure network; Protect cardholder data; Maintain a vulnerability management programme; Strong access control; Network monitoring & tests; Maintain information security policies and procedures
     PA DSS: Magnetic stripe, card verification code or value; Protect cardholder data; Secure authentication; Log payment application activity; Develop secure payment applications; Protect wireless transmissions; Vulnerability testing in application; Secure network; Cardholder data storage; Remote access security; Encryption of non-console access; Implementation guide
     ISO27K: IS policies & procedures; IS baselines; Information Asset Register; Incident management; Risk management; Risk treatment
  3. Our services
     PCI DSS compliance
       • Carry out audits – gap analysis
       • Implement a project to fill in the gaps
       • Implement a risk management tool
       • Provide risk assessment and risk treatment service (monthly/bi-weekly/ad hoc)
     PA DSS compliance
       • Software assessment audit and gap analysis
       • Development of your implementation guideline for clients
       • Re-use of PCI DSS and ISO 27001 work
     ISO 27000 compliance
       • Use of the www.riesgoriskmanagement.com ISO27K compliance reporting tool
     Data Protection Act compliance
       • Implementation of your privacy policy and strategy
       • Business purpose definition
       • Data retention policy
     FSA data security
       • Data security standard
       • Data leakage prevention
       • Encryption policy
     Supplier management and audits
       • 3rd-party self audits
       • IS schedule in supplier contracts
  4. Compliance overview (diagram; recoverable labels: Organisation; Generic compliance structure; Management; Governance, risk and compliance; Network architecture; Policies and procedures; Services offered; Clients; Your organisation – PCI DSS; Your application – PA DSS)
  5. PCI DSS (diagram; recoverable labels: Protect cardholder data; Access control; Access control policy; Vulnerability management; Building a secure network; Segmentation of network; Different firewalls; Security baselines)
  6. Contact details
       • Ben Oguntala
       • Ben.oguntala@riesgoriskmanagement.com
       • www.riesgoriskmanagement.com
       • 07812 039 867