ControlCase is a global provider of IT Certification and Continuous Compliance services.
Our offerings enable clients to effectively manage their IT Governance, Risk Management and Compliance Management efforts.
ControlCase is a PCI Assessor approved by the PCI Security Standards Council.
1) What is PCI DSS?
PCI DSS stands for Payment Card Industry Data Security Standard. Established by the leading payment card brands, the PCI DSS provides requirements for securely processing, storing, or transmitting payment card data.
2) What is the purpose of PCI DSS compliance?
The standard aims to protect organizations and their customers against payment card fraud and theft.
3) Who does PCI DSS apply to?
All service providers and merchants who accept, store, or transmit card data must be compliant with the PCI DSS. Annual validation (or proof) is required by most merchant processors and is a way of demonstrating that your environment is secure. Based on the number of payment card transactions you conduct annually, you will require either a Self-Assessment Questionnaire (SAQ) or an independent onsite audit.
4) How often do I need PCI DSS compliance?
PCI DSS is an annual certification; however, you are required to maintain the security of your environment on a business-as-usual basis in order to achieve ongoing certification.
5) What are the different levels and what are the final deliverables?
PCI DSS Level 1 Merchant – Requires a Report on Compliance (ROC)
PCI DSS Level 2 Merchant – Requires a Report on Compliance (ROC) OR appropriate Self-Assessment Questionnaire (SAQ)
PCI DSS Level 3 Merchant – Requires appropriate Self-Assessment Questionnaire (SAQ)
6) What is a Report on Compliance (ROC)?
A ROC must be completed by a Qualified Security Assessor (QSA) after a PCI DSS audit. It is then submitted to the merchant’s acquirer who, after accepting the ROC, sends it to the payment brand for verification.
7) What is a Self-Assessment Questionnaire (SAQ)?
Merchants are required to complete a Self-Assessment Questionnaire (SAQ) for PCI compliance. Which one you need is determined by the way your business handles payment card data.
8) How can we achieve PCI DSS compliance in a cost-effective manner?
You’ve come to the right place! We will work in partnership with you and get you there!
First, we need to determine which PCI DSS validation level is required for your business. Then we will assist you in addressing all requirements and attest your compliance annually.
ControlCase is your one-stop shop! We will help you achieve compliance, as well as assist with the cybersecurity requirements that need to be completed, such as vulnerability assessments, penetration testing, policies and procedures, and security awareness training.