Obtaining PCI DSS certification is a challenge for any entity wishing to obtain the famous certificate of compliance. It is necessary to find the right balance between the level of security required by the standard and the level of security consistent with the entity's activities, without disrupting productivity.
You have to be able to bring your teams together while also providing management with a status report on compliance. Finally, you have to organise yourself to maintain compliance over time, while ensuring good continuous monitoring of the measures put in place. And that's what we're here for.
The perfect match
A 4-pronged approach to validating your compliance
A real collaboration between your teams and ours
And concretely?
6 consecutive years of PCI DSS certification for this entity
4 certified scopes: acquisition, payment gateway, issuing and clearing
2 data centres were also certified
Our methodology
Our teams validate your compliance with a security standard using a four-pronged approach. It is based on genuine collaboration with your teams and aims to maintain your compliance over time.
Diagnosis of the existing situation and definition of the scope
Studying your contexts and payment paths, documenting them and identifying the technologies in place are necessary to formalise the scope and to determine where sensitive data is processed and stored. This step allows you to establish and prioritise the phases of the project to comply with the targeted standard.
Mock audit and implementation trajectory
Gap analysis allows you to visualise your compliance through indicators and conclusions, with a remediation plan for each non-compliance. To do this, we carry out an inventory of your processes and procedures, and interview your teams to understand how they operate and their responsibilities with regard to risks.
Certification audit and report writing
Our accredited auditors conduct an audit (ISO27001 methodology). They prepare interviews with stakeholders based on the document review and carry out logical and physical security tests. The evidence collected is used to draw up the audit conclusions and issue a certificate of compliance.
Maintaining the required level of security
Managing and supporting the deployment of compliance solutions is essential to achieving and maintaining compliance. We support you in monitoring, training and raising the awareness of your employees, drafting your documents and interpreting vulnerability scans and intrusion tests.
Crossed views
"Working with our teams ensures that the requirements of the standards to which your company is subject are correctly interpreted, and thus that your certification is maintained over time."
Paulo Fernandes
Manager | Oaklen Consulting
"The support of our experts is a guarantee of control of your risks in relation to your scope of activity and your challenges. Our teams support you in the development of your cybersecurity strategy and guidelines."