PCI Self Assessment Consultancy
The PCI self-assessment process is complex and requires a detailed understanding of both the architecture and the operation of many infrastructure components. Integralis has the expertise and experience to ensure your business is PCI-compliant. We work with you to identify what systems and processes need to be assessed and help your staff understand the assessment process. Our flexible approach means we can execute the entire PCI process or augment your internal resources to audit specific technical areas and complete the associated sections of the questionnaire.
The Integralis Self-Assessment Consultancy addresses a wide range of categories that are required to help you achieve PCI compliance, including:
- Building and maintaining a secure network
- Automated and manual discovery of sensitive cardholder data throughout your infrastructure
- Approaches to dealing with legacy systems housing cardholder data
- Protecting cardholder data
- Maintaining an effective vulnerability management program
- Implementing effective access control measures
- Regularly monitoring and testing networks
- Maintaining a policy that addresses information security requirements
The technical elements we cover for the Self-Assessment questionnaire include:
- Firewall, router and switch best practices
- Encryption advice
- Identification of perimeter security devices
- Identification of wireless device security settings
When complete, Integralis provides you with a report that identifies components that need to be audited, provides best practices for performing audits, and outlines a consistent methodology for examining devices. It also covers our recommendations regarding which solution elements must be analysed and, where appropriate, we provide supporting security standards for comparison purposes. We also offer a formal presentation of the results to help you fully understand what’s involved.
Meeting PCI program compliance requirements is critical, as the card issuer (Visa, MasterCard, American Express, etc.) can levy penalties on merchants or service providers who are not in compliance, and PCI compliance has increasingly been written into law in the US and globally.
