PCI Compliance & Assessment

Online is pleased to be recognized as a PCI DSS Qualified Security Assessor Company in Gartner’s Market Guide for PCI DSS Qualified Security Assessment Services.

Organizations that are not compliant with PCI DSS are putting themselves and their valued customers at risk of being breached.

If you are an entity that stores, processes, or transmits cardholder data, or if your company provides services to organizations where you could impact the security of their payment card data environments, you are required to comply with the PCI DSS.

Organizations that don’t protect cardholder data are subject to penalties and fines, not to mention increased financial and reputational risk. Online helps our Clients protect their data and systems, making sure they fully understand their compliance requirements.

PCI SERVICES AT ONLINE

Asset Management

Cardholder and PII Data Discovery

Secure Code Training

PCI Readiness Assessments

PCI Trusted Advisor Consulting Services

Risk Assessments

Remediation Consulting including Prioritized Roadmaps

Penetration Test Services (Network, Application, and Segmentation)

PCI Assessments with Attestations of Compliance

Security Awareness Training

CASE STUDY: Asset Management and PCI Compliance

A Service Provider handling customer cardholder data (CHD) engaged with Online to address multiple significant technical, procedural, and time-based requirements.

To address these problems, Online's Service Management team performed a comprehensive evaluation of the network and application environment, which included both on-prem and cloud-based systems, utilizing the BMC Discover platform coupled with expert analysis from our team of consultants.

Online was pleased to be able to help the Client obtain an Attestation of Compliance for 2020, avoiding fines and potentially costly contractual issues with their customers. The Client has greatly improved their security and compliance posture and is well positioned to leverage this work to create a sustainable and optimized program in the future.

BLOG: A QSA Reflects on the COVID-Affected Security Landscape

Online's Sherri Collis became a Qualified Security Assessor (QSA) in March 2008, and has performed hundreds of assessments through the years.

The current COVID-19 circumstances have certainly changed the world of PCI assessments; however, this different process isn't necessarily a good change or a bad change, perhaps a bit of both. Join us in discussing how tools like GoToMeeting, Zoom, and FaceTime have made remote assessments possible.

BLOG: Business Resumption: Contact Centers

As businesses adapt to the changes in their operations due to the current state of our business landscape, the main question our Qualified Security Assessors (QSAs) have been responding to is how organizations can maintain PCI compliance while transitioning their contact centers (and associated business processes) to a "work from home" model.

Our team has responded by asking:

"Is this a permanent change, or a short-term change that is related to business resumption?"

Expand Your Security Processes Past Compliance

Our Risk, Security and Privacy (RSP) team is committed to delivering RIGHT-SIZED SECURITY and helping our clients create and manage cost-efficient and risk-effective information security programs that are aligned with their unique needs and risk appetite.

OUR THINKING

BLOG: Secure POS Implementations Gone Wrong

If you are a merchant with point of sale (POS) systems accepting the EMV® Chip, and/or if you have implemented a Point-to-Point Encryption (P2PE) solution, you may want to have a quick read and confirm the security posture of your POS implementation.

BLOG: Cybersecurity is About Attitude, Culture...Not Strictly Compliance

Security is something you do continuously and diligently, not something you check off a "to do" list and then sit and relax. PCI has all the component parts to allow companies to adopt this state of due diligence.

CONNECT WITH OUR TEAM

SHERRI COLLIS
Director, PCI Services, RSP

STEVE LEVINSON
Vice President, Risk, Security & Privacy

ADDITIONAL RESOURCES

OVERVIEW: PCI-DSS Service Overview

BLOG: The PCI v4.0 Runway Just Got Longer

BLOG: PCI DSS: When to Test Controls & Functions

BLOG: Remote PCI Assessments: We're Adapting With You
