PCI DSS Compliance
The Largest Credit Card Acquiring Company in the Middle East and Africa
In the second half of 2010, the company was faced with a decision about whether to approach a consulting company to provide necessary Gap Assessment and remediation work or retain the international QSA as an auditor and conduct internal remediation to become compliant to PCI DSS. The challenge was to have the all encompassing internal capabilities to provide the readiness for the strict timelines given by VISA and MASTER for the audit by the end of the year.
The remediation could have included restructuring its existing but inadequate information security framework for fulfilling the changing information management needs. The continued dependency on the internal capabilities and the dependence on the large QSA based from the UK were bringing about many delays and added an extensive increase in the cost for compliance.
GREEN METHOD QUICK WIN APPROACH
Green Method formed a project team of experts including QSAs, Information Security Process Experts, Network Security Experts and Application Security experts managed by proven and qualified project management professional.
The following project was divided into the following phases:
- Process & Policies review and alignment with Group Info sec Policies
- Clear Network Diagram with relevance to optimized PC DSS Scope
- Network vulnerability Assessment & Penetration Testing
- Application Penetration Testing
- Defining Compensatory controls
- Management Presentations for technology implementation
- Supervision of technology implementation
- QSA re-assessment on the remediation – offline
- Scope Optimization
- Gap Assessment – Conducted by QSA & Sr. Info Sec Consultant
- ASV Scan
- Handholding Organization to guide the QSA through evidences
- QSA Audit & ROC Preparation
- Management presentation
The PCI DSS project with the client was a top success in delivering the compliance within the agreed timeframes at a much reduced budget. The client has renewed the engagement for the subsequent years and continues the engagement till date.