PCI ASV SERVICES
LRQA Nettitude is a PCI Approved Scanning Vendor (PCI ASV).
As part of the PCI DSS security standard, organisations are required to undertake quarterly vulnerability assessments of internal and external resources. In addition, organisations are charged with ensuring that their wireless airspace is secure by carrying out rogue access point detection and wireless scans. Finally, PCI DSS requires that organisations carry out annual external and internal penetration tests that assess the network, the operating system and the applications that are part of the cardholder environment.
Self-service ASV Services
Many clients like the flexibility of being able to conduct ASV scans themselves. Instead of conducting them once per quarter, they may choose to run them daily, weekly or on a more ad-hoc basis.
LRQA Nettitude provides a self-service ASV portal for clients. The secure engine allows clients to schedule scans on demand. It is powered by the same logic as LRQA Nettitude’s consultancy-led ASV service but has the added flexibility of running scans more often than once per quarter.
LRQA Nettitude’s self-service ASV portal allows for both infrastructure and web application vulnerability assessments to be conducted in unison. The solution has been fully approved for PCI ASV scanning across all geographies.
Consultancy-led ASV Services
One of the biggest concerns of any automated vulnerability assessment service is false positives. Although LRQA Nettitude is able to provide an automated approach for ASV scanning with an exceedingly high rate of accuracy, many clients prefer a more consultancy-led engagement.
The benefits of consultancy-led ASV engagements are:
- LRQA Nettitude runs the whole test from start to finish
- LRQA Nettitude manually validates all vulnerabilities
- LRQA Nettitude removes any false positives identified in the assessment
- The whole engagement is project managed by a certified ASV consultant
Through this approach, LRQA Nettitude takes the headache out of the ASV process. If we find issues within your internet-facing infrastructure, we will provide guidance over the phone to help remediate the issues. We work as an extension of your security team to help you obtain and maintain PCI compliance.
Frequently Asked Questions about Data Privacy Security
What is an incident response policy?
An incident response plan or policy is a process you create before you experience a cyberattack, so that your team has a procedure to follow when you do experience a data breach. LRQA Nettitude follows the CREST Cybersecurity Incident Response process, which is broken down into 3 phases: preparation, response, and follow-up. Having a breach plan gives you the confidence to quickly nullify any threat to your data privacy security.
Why is data privacy security important?
Data privacy security has always been important, but its implications and the need for higher security are coming into play now that technology is indispensable to everyday life. Using apps, browsing websites, and shopping online are all examples of how your data will be stored and managed online. For organisations today, the threat of cyber theft is a pertinent one. Having comprehensive data privacy plans in place can reduce and mitigate the risks of such events.
Does LRQA Nettitude practice sustainability?
As a company with a global footprint, sustainability is an area of importance to us. We are a registered ‘Investor in People’ organisation. Taking a cue from ISO 14001, we have strong sustainability practices in place. Our organisation also hires fairly and equally, across gender and race. By working with us, you can rest assured that we implement data privacy security measures with ethics at the core of our mission.