Compliance as a Service (CaaS)
ControlCase has been intimately involved in helping organizations like yours navigate the PCI DSS landscape for several years now. The variety of products out there and the confusion around them make it very hard to compare competitive offerings.
Companies have taken different approaches to becoming PCI compliant, combining hardware, software, and onsite and managed offsite services.
We have simplified this whole process and come up with a solution that is akin to "PCI in a Box"; we call it Compliance as a Service (CAAS).
The bundle includes everything that you will need to get PCI compliant and STAY compliant, except 4 offerings which a majority of companies already have: firewalls, antivirus, a patching process and technology-specific encryption.
The CAAS offering includes a mix of hardware, software, onsite and offsite services that cost-effectively deliver one of the best values that you will see in the marketplace.
We recommend you seriously look at CAAS and evaluate your current cost of ownership and maintenance for ALL components related to PCI compliance (including hardware, software license and maintenance, personnel costs) with respect to the pricing and convenience offered by CAAS.
However, if you are currently not ready to avail of the benefits and cost savings offered by the Compliance as a Service (CAAS) offering, you can still avail of the individual components.
What is part of Compliance as a Service (CaaS)

| | | PCI Requirement met |
|---|---|---|
| PCI Gap analysis | | Overall PCI DSS Certification |
| PCI Remediation support | Certification | Overall PCI DSS Certification |
| PCI Certification and report on compliance (ROC) | Certification | Overall PCI DSS Certification |
| Data discovery scanner for cardholder data | Software | Overall PCI DSS Certification |
| Centralized compliance management portal and reminders | Software | 1 |
| Firewall rule-set analysis | Managed Service | 1 |
| Configuration scanning of IT assets | Managed Service | 2 |
| Data discovery scanner for cardholder data | Software | 3 |
| Searching of cardholder data within environment | Managed Service | 3 |
| Application security scanner | Software | 6 |
| Application security scanning | Managed Service | 6 |
| File integrity monitoring platform | Software | 10 |
| 24/7/365 monitoring with Alerts and Daily PCI log reviews | Managed Service | 10 |
| Secure storage and archival of logs | Software | 10 |
| Internal vulnerability scanner | Software | 11 |
| External vulnerability scanner | Software | 11 |
| Internal vulnerability scanning | Managed Service | 11 |
| External vulnerability scanning (ASV approved scan) | Managed Service | 11 |
| Internal penetration testing | Managed Service | 11 |
| External penetration testing | Managed Service | 11 |
| Customization and updating of policies to meet PCI requirements | Managed Service | |
| Annual PCI training portal | Software | 12 |
| Distribution and Attestation of Annual Security Awareness Training | Managed Service | 12 |
| Annual Risk Assessment | Managed Service | 12 |