PCI DSS Compliance Strategy

A PCI Compliance Strategy is led by a QSA-certified auditor and one of our Senior Information Security Professionals.
Click hereto download pdf brochure.

The Quick Read

	Every company needs to develop an enterprise-wide strategy for credit card processing and storage
	This engagement will result in a comprehensive strategy encompassing current business processes and the PCI DSS Standard.
	Engagement includes documented findings and implementation plan
	Click Here to download PCI DSS Compliance Strategy (pdf)

Who Needs a PCI DSS Compliance Strategy?

	Any company that uses credit cards to process transactions needs to develop a strategy on how they will comply with the new PCI DSS Standard.
	Any Level 1, 2 or 3 merchant that processes a significant level of transactions and needs to understand the business processes and data storage issues across their entire enterprise.
	Any company that wants to pro-actively manage their credit card data processing and storage issues.

What is PCI DSS Compliance Strategy?

The scope of our PCI DSS Compliance Services includes a thorough documentation of all business processes that utilize credit card data, identify all areas of data use and storage and interviews with key stakeholders. Our QSA-certified auditor and Senior Information Security Professional will review all the findings and prepare a recommended strategy that will include compliance with PCI DSS Standard.

The PCI DSS Compliance Strategy will overlay the company’s business strategy with the 6 control areas of PCI DSS Standard.

	Build and Maintain a Secure Network		Protect Cardholder Data
	Maintain a Vulnerability Management Program		Implement Strong Access Control Measures
	Regularly Monitor and Test Networks		Maintain an Information Security Policy

PCI DSS Compliance Strategy Engagement Process and Deliverables

After an initial call, the Arsenal Security Group Senior Information Security Professional will prepare a statement of work within 2 days and we normally can begin an engagement within two weeks. During the engagement we will use interviews, questionnaires, physical tours and technical tools to develop our assessment. We will use a QSA-certified auditor in tandem with our QSA-certified Senior Information Security Professional to complete an engagement. We will provide an executive summary, a detailed report with all of our findings, recommendations and a final on-site presentation. Our engagement is not complete until all of our deliverables have been reviewed and accepted by our client.

About Arsenal Security Group
Arsenal Security Group is a security consulting firm that is focused on close client coordination and collaboration. From the initial meeting through the final presentation, one of Arsenal Security Group’s Senior Information Security Professionals will be the primary contact for all engagement activities.We proactively conduct weekly calls with our client when engaged and meet with clients on a quarterly basis to review and understand their security posture – even when we are not actively engaged on assignment to ensure they are aware of new security risks or regulatory changes they may impact their business.