A transparent process consistent with PCI standards
It’s not unusual to have some uncertainty with where to begin the daunting task of developing or enhancing an existing information security program for compliance with the Payment Card Industry Data Security Standards (PCI DSS). For Liquid Networx, it’s simply a matter of starting at the beginning.
Most companies that undergo a security assessment for the first time have significant gaps in their programs. The same is true of companies making significant changes to their environment. A gap analysis can help to identify any potential gaps and allow time to formulate strategic solutions. Companies choose Liquid Networx, for our expertise in the field and because we work with you to understand your business requirements and security posture so we’re able to craft a program that meets your individual needs.
A GAP analysis for measurement and direction
Step one, the gap analysis is based on the PCI DSS and helps to determine what is or is not in place on your network. A gap analysis can be used to evaluate your environment as a whole or target a new technology or architecture being implemented. The result of this review can range from “There is no documented information security program” to “We just need to tweak a few things and we are good to go.” Most businesses land somewhere in the middle. Once we’ve completed the review, we work with you to craft a risk-based plan of attack based on your compliance goals and timelines.
Remediation assistance that gets you to the finish
Once your issues are known, it’s time for real assistance. Often security assessors hand a customer their report and say, “Good Luck” and hit the road. But at Liquid Networx we’re in it for the long haul. Whether it’s working to develop compensating controls, writing policies and procedures, or helping you select appropriate security solutions, we’re here every step of the way.
Assessments that don’t leave you in the dark
In need of a Report on Compliance (ROC)? While all QSA’s must use the same audit procedure, they don’t all similarly execute. Liquid Networx, however, has a stringent quality assurance program to ensure that all of our QSA’s:
- Have the same interpretation of the standard.
- That their interpretation is consistent with that of the Payment Card Industry Security Standards Council (PCI SSC).
- Never issue a finding that can’t be fully explained and/ or lacks evidence to support it.
- Will gladly explain any Liquid Networx position or interpretation of “gray areas.”
As an approved QSA, we provide you with a Report on Compliance and Attestation of Compliance. Think of Liquid Networx when you are ready for an annual assessment.