What is PCI Continuous Compliance?
Our PCI DSS continuous compliance service is a subscription-based service. It offers an effective way to validate against PCI DSS while having access to a QSA throughout the annual cycle. You are guided through the periodic tasks so you can keep track of them, and a QSA is available during the compliance period to deal with any issues or questions that come up.
Ensure your path towards PCI Compliance is smooth
To help companies validating for PCI compliance, we developed our Continuous Compliance program: periodic sessions, checks and meetings that track the PCI DSS compliance activities and ensure they are actually carried out. With this service, validating for PCI DSS and remaining compliant becomes much easier.
Direct, specialized PCI QSA support
The service ensures the availability of a PCI consultant or QSA for any queries during the PCI maintenance cycle. In addition, any new project or change affecting the in-scope environment can be analyzed for its impact in advance and implemented with the assurance that it is aligned with the requirements of the standard.
Subscription-based service. Fixed costs
This model is based on a fixed monthly fee, so you can budget the PCI DSS project at the start of the cycle.
Periodic meetings with a PCI QSA
Periodic coordination by a QSA trains the organization's staff in the routine of PCI management, so that it becomes part of normal operations. This is especially important in organizations without resources dedicated to this purpose. The meeting can also be used to discuss any new projects that may affect the cardholder data environment or the way payments are processed.
PCI annual assessment at the end of the cycle
Included in the monthly fee is the annual PCI assessment. Either the evidence and the full SAQ are checked, or, if a Report on Compliance (ROC) is needed, the full audit is performed. This results in an Attestation of Compliance (AOC).
Ensures the feasibility of the next PCI certification
The risk of not passing the next PCI audit is minimized, as the service ensures that periodic checks have been executed correctly and on time, and that the associated results (for which evidence must be presented during the audit) meet the requirements of PCI DSS.
Reduces PCI audit process times
Remediation time and effort during the assessment are drastically reduced. As a result, AOC renewal and validity deadlines can be met reliably, avoiding unnecessary tension with customers and/or acquiring entities.
Gradual reduction in the cost of service
In subsequent PCI certification cycles, the cost and effort of this service can be reduced: the comprehensive coordination and review needed in the initial cycles gives way to regular monitoring of PCI maintenance activities and QSA support.
Why work with Fortytwo?
Engaging Fortytwo for PCI DSS compliance gives you access to calibrated expert advice, reviewed by multiple Qualified Security Assessors (QSAs) with different areas of expertise, so that you neither over- nor under-invest in your PCI compliance efforts. Work with Fortytwo and you'll benefit from:
EXPERIENCE
We have long-held and deep experience in cyber security transformation across financial services, retail, travel, media and other sectors.
FULLY ACCREDITED
Our team holds a range of accreditations including QSA, CISSP, CCSA and CISA.
KNOWLEDGE BASE ACCESS
Our online knowledge base gives access to templates and example documents with useful tools and tips on PCI compliance. It is kept continuously up to date with current developments and customer feedback.
TRUSTED ADVISOR
We see ourselves as your trusted advisor and a critical part of your in-house team. Since we have the resources to complement your every security need, we can keep your efforts focused while providing you with as much or as little consultative expertise as you need.
HIGHLY SATISFIED CUSTOMERS
We provide value to our clients on a consistent, ongoing basis and we are proud of our long-term client relationships.
FULL TRANSPARENCY
We believe in empowering our clients. The more knowledge transfer occurs during our engagement, the more value our customers recognise. Our team fully discloses the methods, tools, and configurations used to perform analysis work for our customers in the hope that they can easily adopt our processes for their future benefit.
CLEAR COMMUNICATION
We strongly believe in providing easy-to-understand guidance and reporting. The PCI DSS requirements may seem simple and straightforward, but on closer inspection they are often complex and open to interpretation. Our PCI DSS QSAs explain the requirements and the assessor's expectations, and provide guidance on how to implement them.
EXTRAORDINARY SERVICE AND SUPPORT
We truly care about your data security, and we provide professional, helpful, high-quality service and assistance before, during and after your requirements are met.
How we work
Our Continuous Compliance program will be adjusted to your company's specific needs.
There will be periodic meetings to check on ongoing projects and PCI-related topics, and quarterly meetings to check recurrent tasks, security incidents, vulnerabilities and PCI-related changes.
This will ensure the pre-audit (gap analysis and audit planning) goes smoothly.
After remediation, the annual PCI assessment follows.
The monthly fee depends on the needs of the organization.
Included are the four mandatory quarterly ASV scans and the annual PCI audit.
We also offer annual penetration testing at an attractive price.
Create Custom Continuous Compliance Program
We will work together to create a custom Continuous Compliance Program.
Periodic Meetings & Quarterly Meetings
Together with our experts and your team, we hold periodic meetings to check on ongoing projects and PCI-related topics. During the quarterly meetings, we check recurrent tasks, security incidents, vulnerabilities and PCI-related changes.
Pre-Audit
We will perform the gap analysis and create the audit plan.
PCI DSS Audit
After the remediation period, the PCI DSS audit can start, along with the gathering of accurate evidence to demonstrate PCI DSS compliance. The evidence and the full SAQ are checked; if a Report on Compliance (ROC) is needed, the full audit is performed. During this phase, the Attestation of Compliance (AOC) is generated.