The Payment Card Industry Data Security Standard (PCI DSS) was set up by major payment-card brands in 2006 to keep credit-card data safe. If you process, store, or transmit credit-card data then you have to comply with the standard. The standard has 12 requirements, and over 200 sub-requirements.
Fail to comply with PCI DSS and you could face hefty fines and higher transaction costs during the time that it takes – usually two years – to regain compliant status. Worse still, data breaches make headline news and can crush consumers’ confidence.
To be validated as PCI DSS compliant, most companies will have to pass an audit by a Qualified Security Assessor (QSA) who will check every sub-requirement.
Once you’re compliant you have to pass an annual QSA audit and quarterly security scans. You have to put in place processes for everything from how to change a firewall setting to who has access to a server. You also have to set up processes to log system changes, and process documents to create auditable records.
CNS worked with The Bunker in designing an infrastructure that allows The Bunker to gain accreditation across areas of compliance such as PCI DSS. Each solution is designed to the specific needs of the client and is supported under a Managed Service delivered by CNS Mosaic.
The CNS Mosaic portfolio of Managed Services is based on its proprietary, award-winning COMPLIANCEngine platform and is designed to deliver Managed Information Security and IT Compliance. The TOTAL SECURE services deliver the Vulnerability Management, Configuration & Build Validation, Patch Management and Logging, Alerting and Responses needed by regulations such as PCI DSS, Code of Connection (PSN, HMG, IG-SOC), ISO27001, CoBIT and many others, including bespoke internal best practices.
CNS Mosaic TOTAL SECURE is able to offer business continuity and cost savings beyond that of traditional stand-alone auditing tools and other complex SIEM appliances, plus deliver intelligence for on-going compliance and protection against threats.
TOTAL SECURE Managed Services are fully supported by CNS Group’s highly accredited understanding of regulatory mandate and security best practice acts. Our clients will receive a much extended level of benefit along with the extra level of IT assurance offered by qualified consultants.