A specialist service for payday loan service providers and application developers. The service covers PA DSS, PCI DSS, Data Protection, Information Security and Secure Application Development (OWASP).
1. For loan service providers and payment software developers
PCI & PA DSS compliance service
Ben Oguntala, LL.B Hons, LL.M, BVC (IPR)
IT Law Consultant & Compliance Specialist
Ben.oguntala@riesgoriskmanagement.com
07812 039 867
www.riesgoriskmanagement.com
2. Service overview
[Diagram: the five compliance areas covered by the service and the topics grouped under each]
PCI DSS
• Build & maintain a secure network
• Protect cardholder data
• Maintain a vulnerability management programme
• Implement strong access control
• Network monitoring & tests
• Maintain an Information Security policy
PA DSS
• Magnetic stripe, card verification code or value
• Protect cardholder data
• Secure authentication
• Log payment application activity
• Develop secure payment applications
• Protect wireless transmissions
• Vulnerability testing in application
• Secure network
• Cardholder data storage
• Remote access security
• Encryption of non-console access
• Implementation guide
Data Protection Act
• Registration with the ICO
• Definition of business purposes
• Information shared / information sharing agreement
• Privacy Impact Assessment
• Privacy policies and procedures
Supplier Management
• Number of suppliers
• Information shared
• Supplier contracts
• Supplier audits
ISO27K
• IS policies & procedures
• IS baselines
• Information Asset Register
• Incident management
• Risk management and risk treatment
• Audits
3. Our services
PCI DSS compliance
• Carry out audits – gap analysis
• Implement a project to close the gaps
• Implement a risk management tool
• Provide a risk assessment and risk treatment service (monthly/bi-weekly/ad-hoc)
PA DSS compliance
• Software assessment audit and gap analysis
• Development of your implementation guide for clients
• Re-use of existing PCI DSS and ISO 27001 work
ISO 27000 compliance
• Use of www.riesgoriskmanagement.com ISO27K compliance reporting tool
Data Protection Act compliance
• Implementation of your privacy policy and strategy
• Business purpose definition
• Data retention policy
FSA Data security
• Data security standard
• Data leakage prevention
• Encryption policy
Supplier management and Audits
• Third-party self-audits
• Information security schedule in supplier contracts
4. Compliance overview
[Diagram: generic compliance elements mapped onto your PCI DSS organisation and your PA DSS application]
Organisation: management structure, governance, policies and procedures, services offered, clients
Generic compliance: risk and compliance, network architecture
Your PCI DSS organisation / your PA DSS application
5. Protect cardholder data
[Diagram: access control, vulnerability management and building a secure PCI DSS network]
• Access control policy
• Segmentation of network
• Firewalls
• Different security baselines