Wednesday 9 December 2020

PCI DSS, the dual challenge of achieving and maintaining certification

Obtaining PCI DSS, as a processor on behalf of VISA, is a strategic and commercial issue. Maintaining this certification is an organisational issue.

Challenge

Obtaining PCI DSS certification is a challenge for any entity wishing to obtain the famous certificate of compliance. It is necessary to strike the right balance between the level of security required by the standard and the level of security consistent with the entity's activities, without disrupting productivity.

You have to be able to bring the teams involved together while also providing management with a status report on compliance. Finally, you have to organise yourself so that compliance can be maintained over time, with a sound system of continuous monitoring of the measures put in place. And that's what we're here for.

The perfect match

A 4-pronged approach to validating your compliance
A real collaboration between your teams and ours

And concretely?

- 6 consecutive years of PCI DSS certification for this entity
- 4 certified scopes: acquiring, payment gateway, issuing and clearing
- 2 data centres also certified

Our methodology

Our teams offer an approach to validate your compliance with a security standard based on a four-pronged approach. This approach is based on genuine collaboration with your teams and aims to maintain your compliance over time.

Diagnosis of the existing situation and definition of the scope

The study of your contexts and payment paths, their documentation and the identification of the technologies in place are necessary to formalise the scope and to determine where sensitive data is processed and stored. This step allows you to establish and prioritise the phases of the project to comply with the targeted standard.

Blank audit and implementation trajectory

Gap analysis allows you to visualise your compliance through indicators and conclusions, with a remediation plan for each non-compliance. To do this, we carry out an inventory of your processes and procedures, and interview your teams to understand how they operate and their responsibilities with regard to risks.

Certification audit and report writing

Our accredited auditors conduct an audit (ISO 27001 methodology). They prepare interviews with stakeholders based on the document review and carry out logical and physical security tests. The evidence collected is used to draw up the audit conclusions and issue a certificate of compliance.

Maintaining the required level of security

Managing and supporting the deployment of compliance solutions is essential to achieving and maintaining compliance. We support you in monitoring, training and raising the awareness of your employees, drafting your documents and interpreting vulnerability scans and intrusion tests.

Crossed views

"Working with our teams ensures that the requirements of the standards to which your company is subject are correctly interpreted, and thus ensures that your certification is maintained over time."
Paulo Fernandes
Manager | Oaklen Consulting
"The support of our experts is a guarantee of control of your risks in relation to your scope of activity and your challenges. Our teams support you in the development of your cybersecurity strategy and guidelines."
Coralie Chevallier
Cybersecurity Practice Leader | Oaklen Consulting
To go further

Our other case studies

- Evolutions in the payment ecosystem: how to anticipate them best?
- Obtaining approval, or how to support the emergence of a new payment player
- Supporting the development of a payments player by obtaining PI status
- Supporting development and ensuring investors' confidence
- PSD2: the double challenge of a major banking group
- Regulatory obligations of payment networks: how to be ahead of the game?
- Digital authentication: how to capitalise on banking trust?