PCI QSA Audit

If your organisation touches or sees credit card information and cardholder data, either directly or as a service provider to another company, then you are subject to PCI compliance. As an IT executive charged with PCI compliance, you are not only managing the risk of financial liability for penalties and fraud conducted on your systems, but increasingly it is a matter of law. In the US and worldwide, PCI is evolving from industry compliance to government mandate.

Depending on your company’s role in cardholder data handling and the number of transactions you conduct yearly, your company may be required to either conduct a self-assessment or have one performed by a PCI Qualified Security Auditor (QSA). In all cases, PCI requires that an executive officer of your company sign off on any assessment statements and results, highlighting the accountability and liability inherent in the process.

Integralis has vast experience in PCI compliance and we are certified by PCI under the QSA program. In addition, we offer ongoing quarterly accredited vulnerability scanning services required by PCI as well as quarterly PCI review services. Integralis performs PCI assessments and can assist you in your ongoing self-assessment program.

PCI audits are complex: they require strong knowledge of the standard, techniques for maximising compliance while reducing cost, and a detailed technical understanding of both the architecture and the operation of many infrastructure components. Integralis’ experience enables you to use your resources efficiently to meet PCI requirements.

Integralis holds formal Qualified Security Auditor (QSA) status, and brings proven experience in both technical and procedural auditing. We have helped many of our clients meet their PCI requirements, with services that include pre-audit gap analysis and audit scoping, as well as conducting the overall assessment and the resulting remediation.

Integralis’ QSA Audit practice addresses all of your PCI requirements, so that you can:

  • Build and maintain a secure network
  • Protect cardholder data
  • Discover sensitive cardholder data throughout your infrastructure, using both automated and manual methods
  • Deal with legacy systems housing cardholder data
  • Maintain an effective vulnerability management program
  • Implement effective access control measures
  • Regularly monitor and test networks
  • Maintain a policy that addresses information security requirements and operational best practices

As a result of the PCI QSA audit, our expert security consultants will provide you with a comprehensive report that identifies the compliance status of the audited network, based on PCI compliance guidelines. We can also help you design recommended compensating controls for remediation, which are included in the report. We then work with you to submit these to your acquirer or card brand for final approval.

A PCI QSA Audit is required for level 1 and level 2 service providers, and for most level 1 merchants. Because the definition of these levels varies, we can also help you determine your compliance requirements as part of the engagement. Meeting PCI program compliance requirements is critical, as the card issuer (Visa, MasterCard, American Express, etc.) can levy penalties on merchants or service providers who are not compliant.