Security Compliance Associates

DATA FLOW ANALYSIS

This phase begins with a data flow analysis to understand where cardholder data is stored and processed. Data is traced and mapped from points of input, down to the payment processor. All devices, systems, applications and databases that store, process or transmit cardholder are documented.

During the remediation phase, Security Compliance Associates will provide technical guidance and consulting on potential solutions and approaches required to meet the compliance requirements for PCI DSS. This includes consultation and advice for implementation of solutions, practices, documentation and logs that are necessary to obtain PCI compliance. The amount of effort for this phase is dependent on the findings in the Readiness Review Report.

PCI - DSS requires an institution to conduct periodic (in most cases, quarterly) network vulnerability scans, both internally and externally. Moreover, it is necessary to test the network after migrations, upgrades, component installations, new applications, firewall re-configurations, general network topology changes, etc. PCI compliance is achieved with Security Compliance Associates verifying that the most recent scan is a passing grade and that the institution’s testing is documented.

Security Compliance Associates will conduct on-site PCI - DSS program training. Employee training typically consists of one day on-site, with a maximum of four sessions. Additional days and/or additional sessions are available at additional cost.