PCI Compliance

TrustNet is a PCI Qualified Security Assessor (QSA) and provides a wide range of Payment Card Industry Data Security Standard (PCI DSS) compliance validation services. Our services enable businesses to achieve their compliance goals and build a sustainable program regardless of where they are in the compliance cycle.
PCI-related services:
PCI Gap Assessments
PCI SAQ Compliance Reviews
PCI DSS Report on Compliance (ROC)
PCI QSA Remediation Assistance
PCI Penetration Testing
TrustNet helps to reduce time, complexity, and cost by aligning PCI DSS assessments with other assessments such as SOC examinations, ISO 27001 Certifications, and HIPAA assessments.
PCI Gap Assessment
  • Review Policies and Procedures
  • Conduct interviews, review network diagrams, configurations, and data flow documentation
  • Identify where cardholder data is stored and reduce scope
  • Create data flow analysis and mapping of cardholder data
  • Assess network segmentation
  • Review architecture design
  • Document and confirm the scope for a future PCI DSS onsite validation
PCI DSS Compliance Review SAQ
TrustNet provides PCI Self-Assessment Questionnaire (SAQ) compliance reviews and guidance to companies that attest to their own SAQ.
  • Review Policies and Procedures
  • Conduct interviews, review network diagrams, configurations, and data flow documentation
  • Validate where cardholder data is stored
  • Create data flow analysis and mapping of cardholder data
  • Validate network segmentation
  • Completion of the Self-Assessment Questionnaire (SAQ)
PCI DSS Report on Compliance (ROC)
TrustNet provides PCI DSS Report on Compliance (ROC) guidance to organizations that are ready to undergo their annual PCI audit. The deliverable includes an official Report on Compliance confirming that you meet the Payment Card Industry requirements. Other deliverables include the Attestation of Compliance (AOC) and recommendations for improvements.
  • Review Policies and Procedures
  • Conduct interviews, review network diagrams, configurations, and data flow documentation
  • Validate where cardholder data is stored
  • Create data flow analysis and mapping of cardholder data
  • Validate network segmentation
  • Completion of the Report on Compliance (ROC) and Attestation of Compliance (AOC)
PCI Remediation Assistance
TrustNet provides consulting and remediation services in all aspects of PCI DSS compliance. This may include developing specific implementation plans or consulting on various remediation needs.
  • Develop a remediation plan and prioritize deficiencies
  • Develop policy and procedures
  • Manage remediation tasks and timeline
  • Expert advice from Qualified Security Assessors (QSA)
  • Interpret PCI audit and compliance requirements
PCI Penetration Testing
Identifying Weaknesses To Improve Security and Reduce Potential Attack Surfaces
Penetration testing is a PCI DSS requirement and a cybersecurity best practice that helps ensure IT environments are secure and vulnerabilities are patched. Our approach is designed to meet the PCI DSS requirements for independent penetration testing. A penetration test seeks to determine whether and how a malicious user can gain unauthorized access to information assets. For over a decade, TrustNet has performed penetration tests to help organizations uncover hidden security vulnerabilities. Our proven methodology provides actionable steps for ensuring the security of your systems.