Remediation is the toughest part of the PCI compliance process. During the audit process, organisations should be questioned and assessed by a qualified audit team. The results are recorded and presented back to the client for a complete understanding of how they meet the PCI DSS.
However, once the audit findings have been delivered, what then? If you have been through a Gap analysis, we would expect you to have a number of issues that need to be addressed before you can consider going for a full compliance audit.
Often Gap reports can document findings that point to significant areas of concern. This may include defining the target PCI environment, fully understanding where card data resides in the organisation or which third party has responsibility for particular card processing arrangements.
Many organisations simply do not have the expertise with the PCI standard (and who would expect them to?) to be able to answer correctly. Often they turn to QSAs for advice on what to do next.
So what makes Ambersail different?
First up - we are experienced. We qualified as an assessor (QSA) several years ago and have been working with many different companies in that time. We have taken many organisations - large and small - successfully through the process.
We give measured advice. Any compliance advice we provide is peer reviewed. You can be sure that you will be working with one of our experienced QSA team. All recommendations are reviewed by our QSA team. Our ticketing system for queries provides measurable advice that is in itself auditable.
We get straight to the point. You need to meet the requirements as set out in the Report on Compliance (ROC). This is the document we work to - so you can see exactly, in detail, where you need to comply.
We are approachable. We have a great client base that we genuinely enjoy working with. This means we are confident that we can provide the right level of assistance that each client requires. We never overpromise or overcommit.
You only buy what you need. If you need our services - just call us in. No complex contracts that are difficult to extract from. We are confident that you'll value our service - no need to tie you in.
Example remediation tasks that we have recently been asked to perform:
- Reviewing network architectures to ensure the scope for PCI auditing is fully understood.
- Reviewing policy and procedure documentation to ensure it complies with the PCI DSS.
- Rationalising proposals from third party product vendors. Working independently, we ensure our clients are only purchasing the solutions that meet the intent of the PCI DSS.
Feel free to contact us to discuss any aspect of your security or compliance programme.
Featured service...
Our PCI policy pack is a detailed suite of documents that has been developed by our experienced QSA team.
Additional Information
- We are an experienced QSA - performing audits for many years.
- Communication is very important and we offer invaluable advice that often saves organisations time and money.
- We are completely independent and have no allegiance with product vendors. Our neutral stance allows us to make unbiased product selections for clients.
- If required, we can independently liaise with your Acquirer to ensure you correctly interpret Acquirer requests.
- Top 10 PCI DSS compliance reduction strategies.
