Bonadio’s Enterprise Risk Management Division offers Payment Card Industry (PCI) security solutions that can help you determine your level of compliance with PCI, as well as validate your adherence to PCI requirements.

PCI Compliance from Experts

Credit card issuers are aggressively enforcing the PCI DSS to safeguard cardholder information and prevent losses, so you need an experienced partner with a proven process and track record of success. A US-wide certified PCI Qualified Security Assessor (QSA) and user of Approved Scanning Vendor (ASV) tools, Bonadio is uniquely qualified to perform all your PCI assessments.

We can guide you through the entire PCI compliance process and help you achieve compliance in an efficient and effective manner. Our certifications include:

  • Qualified Security Assessors (QSA)
  • Certified Information Systems Auditors (CISA)
  • Certified Information Systems Security Professionals (CISSP)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Security Manager (CISM)

Our PCI assessments help businesses achieve and maintain PCI compliance in accordance with the annual audits required by the PCI SSC and the card brands. Following best-practice guidelines, our assessments are conducted by experts with in-depth experience in market and compliance requirements, and supported by intelligence derived from the Bonadio Enterprise Risk Management team, a recognized leader in risk management services across all verticals and industries.

We offer ongoing external scanning and consulting services with secure access to an online scanning portal. We conduct a thorough PCI DSS gap assessment and deliver assessment services resulting in an annual Report on Compliance. Using a phased approach helps organizations like yours identify and fix root causes of non-compliance and establish internal controls to promote ongoing compliance year after year.

A comprehensive PCI solution

We provide recommendations for vendor solutions to address all PCI requirements. We don’t sell or market PCI hardware or software, so our recommendations can truly meet your needs and encompass a comprehensive set of solutions that includes multiple hardware and software products, as well as services, to help your organization meet the PCI requirements. Our recommendations can be scaled to meet your needs, whether you require a single firewall appliance or a full range of assessment and remediation services and software products.

What we offer

PCI DSS Annual Assessment

We offer a comprehensive assessment, delivered by QSAs, to help ensure annual PCI certification and validation of compliance.

  • Satisfies annual PCI DSS compliance requirements for all clients.
  • Enables business-aligned security controls to help manage regulatory compliance and look for compensating controls wherever possible.
  • Helps reduce the potential costs of non-compliance and the complexity of security by providing guidance on the latest PCI requirements.

PCI DSS Gap Assessment

We offer an on-site assessment to identify any gaps in compliance with respect to the PCI Data Security Standard.

  • Pre-assessment procedures include the following:
    • Determination of the current compliance level and the specific steps required to achieve PCI compliance before performing the formal assessment.
    • Interviews with the client, a review of the current network technology configuration, and recommendations with respect to PCI compliance.
    • An in-depth physical and logical data flow analysis. Clients gain a full understanding of all business instances where PCI DSS applies, and how to protect or remove data from these instances to limit the scope and impact of PCI DSS.
    • The development of a roadmap to compliance that indicates how to use compensating controls for maximum benefit and risk reduction.
    • Compliance milestones for all gaps.
    • The ability to negotiate extensions for compliance with either the acquiring institution or card brands.
  • Helps reduce potential costs associated with non-compliance by providing guidance on the latest PCI requirements.

PCI Remediation Assistance

We can help you assess compliance, create a roadmap for compliance, and advise on the implementation of a remediation plan to help you meet all requirements of the PCI DSS. The QSA will:

  • Provide expert advice on remediation planning:
    • Review proposed architecture changes, possible remediation project plan, policies, processes, and procedures.
    • Advise if any of the proposed changes are compliant with PCI DSS.
    • Offer advice on prioritization of proposed changes.
  • Provide expert assistance for clients who need to make changes to their network or documented processes in order to achieve PCI DSS compliance.
  • Enable business-aligned security controls to help manage regulatory compliance and look for compensating controls wherever possible.
  • Help reduce the potential costs of non-compliance and the complexity of security by providing guidance on the latest PCI requirements.

External and Internal Network Vulnerability Scanning

PCI scans performed by QSAs provide reports and findings to help you meet PCI DSS quarterly scanning requirements.

  • Ongoing external scanning services, including vulnerability assessments and professional interpretation of scan results against PCI DSS requirements, plus expert recommendations for gaining compliance.
  • All external network scans are evaluated by a QSA.
    • QSA- or client-initiated vulnerability scans of external, public-facing host IPs.
    • Provides an executive report, a technical report, and documentation of findings, including "failures".
    • Assistance with the analysis of any perceived "false positives".
  • Help achieve annual PCI DSS compliance requirements for clients who are required to submit quarterly scan results to their acquiring institution.
  • Help reduce the potential costs of non-compliance and the complexity of security by providing guidance on the latest PCI requirements.

Contact Us Today

Please fill out the following form and a member of the Bonadio team will contact you to answer any questions you may have regarding our services and offerings. If you need immediate assistance, please call our toll-free number: (877) 917-3077.