PCI Audit & Certification

2018-06-20T10:11:37+00:00

PCI AUDIT & PCI CERTIFICATION

As a Qualified Security Assessor (QSA) company, Nettitude has been approved by the PCI Security Standards Council (SSC) to measure an organisation’s compliance with the PCI DSS standard. Nettitude provide PCI Audit and PCI Certification services for organisations all around the world. Nettitude audit and assess both service providers and merchants, and we help them maintain compliance year on year.


Key Elements of PCI Audit and PCI Certification Services

  • Extensive team based across North America and EMEA
  • Strong Project Management capability, ensuring PCI Audits run on time and on budget
  • Strong references and testimonials
  • Nettitude is a PA-QSA and a PCI ASV company. Our team have been PCI Auditors since the standard’s inception
  • Nettitude have delivered talks at the annual PCI Community Meetings
  • Additional PCI alignment services. Nettitude can help organisations align with ISO27001, NIST CSF, CIS, SANS and Cyber Essentials Plus to achieve synergy across cyber security standards and frameworks
  • Supporting PCI Services such as Vulnerability Assessments, Penetration Testing, Policy Writing and Managed SOC Services.

Nettitude have been an active contributor to the PCI standard since its inception and have contributed to many of the PCI Special Interest Groups, including Penetration Testing, Tokenization, and Logging and Monitoring. Nettitude provide a range of services around PCI DSS to help organisations maintain compliance, and our comprehensive project management team ensure all audits run on time and on budget.

Our international team of QSA consultants deliver PCI consulting services across the globe, for merchants, service providers and acquirers alike. Nettitude work with level one and level two organisations all the way down to level three and level four merchants. Our focus is on delivering high-quality PCI guidance in a pragmatic, risk-based approach. This approach sets us apart from the crowd and has enabled us to become the trusted partner of many organisations that are working towards, or maintaining, PCI DSS compliance.

Why Choose Nettitude

Our Global Reach

Through Nettitude’s presence in both Europe and North America, the team deliver PCI consulting, PCI auditing and PCI certification services for organisations with a global reach. Nettitude ensure that each client is provided with both a primary QSA and a secondary QSA on all projects and engagements. This maintains a consistent interface with your organisation and generates maximum return on your investment. Nettitude have a proven methodology and project plan that helps our clients achieve compliance on budget and on schedule.

Our methodology

Nettitude’s QSA consultants are qualified to perform on-site audits for all merchants, as well as being ideally placed to offer focused advice and consultancy on specific requirements. Services are tailored to the individual customer’s requirements but will extend across all 12 of the PCI DSS requirements. Nettitude delivers policy writing services designed for your organisation’s specific needs. Additionally, Nettitude provide penetration testing, ASV services and web application testing services to identify vulnerabilities in your applications and infrastructure. Nettitude deliver Security Awareness Training (SAT) and secure coding workshops to help improve security knowledge among your users as well as your developers. Nettitude provide card discovery services, managed detection and response services and Security Operations Centre (SOC) functions to help organisations maintain their PCI compliance programme.

Expectations around PCI audit

Nettitude is able to provide full-suite services for organisations pursuing PCI certification. It is rare that organisations will have all of the controls in place to achieve compliance if they are only just starting out on the journey. Many organisations ask Nettitude how long it will take to achieve compliance, and for this there is no definitive answer (a bit like the saying “how long is a piece of string”). That said, for a medium-sized organisation that is starting on the PCI journey and already has robust InfoSec policies, procedures and practices, Nettitude would recommend budgeting 3 months to achieve compliance. For organisations with straightforward environments it may be achievable in less time; for organisations with larger PCI scopes, this duration may need to be extended.

Nettitude’s Recommendations

Nettitude recommends that organisations have a walk-through audit prior to the final audit commencing. This is recommended because there are strict rules defined by the PCI Security Standards Council that govern how final audits are conducted. The run-through process (termed a Pre-Audit) is designed to deliver assurance that the full audit and compliance activity will run to plan and to budget.

Once organisations have been certified as PCI compliant, they will move into a management and maintenance phase. Although many organisations will be relieved that the audit is behind them, the maintenance phase requires consistent demonstration of rigorous process and effective ongoing security practices. Nettitude is able to provide a range of services to support organisations on an ongoing basis, taking advantage of our custom threat intelligence to ensure that organisations are in tune with the current cyber threat landscape. The custom maintenance methodology that Nettitude presented at this conference has supported many organisations in maintaining compliance throughout the ongoing review cycle.

What differentiates your managed service from other providers’?

Nettitude understands that Information Security is a process, not an event. Our team ensure that any days you have purchased are used effectively, even if your organisation doesn’t experience a security incident. Any pre-purchased days can be used for a range of activities, including:

  • Malware analysis and reverse engineering
  • Host intrusion analysis / digital forensics
  • Network packet capture and analysis
  • Data recovery
  • Incident testing
  • First responder training
  • Cyber insurance claims coordination
  • Threat hunting

To find out more about how Nettitude can help you with your PCI QSA compliance requirements, please arrange your free, no-obligation consultation.