— Compliance & Assessment (PCI)
Online is pleased to be recognized as a PCI DSS Qualified Security Assessor Company in Gartner’s Market Guide for PCI DSS Qualified Security Assessment Services.
Organizations who are not compliant with PCI DSS are putting themselves and their valued customers at risk of being breached.
If you are an entity that stores, processes, or transmits cardholder data, or if your company provides services to organizations where you could impact the security of their payment card data environments, you are required to comply with the PCI DSS.
Organizations that don’t protect cardholder data are subject to penalties and fines, not to mention increased financial and reputational risk. Online helps our Clients protect their data and systems, making sure they fully understand their compliance requirements
PCI SERVICES AT ONLINE
Cardholder and PII Data Discovery
Secure Code Training
PCI Readiness Assessments
PCI Trusted Advisor Consulting Services
Remediation Consulting including Prioritized Roadmaps
Penetration Test Services (Network, Application, and Segmentation)
PCI Assessments with Attestations of Compliance
Security Awareness Training
CASE STUDY: Asset Management and PCI Compliance
A Service Provider handling customer cardholder data (CHD) engaged with Online to address multiple significant technical, procedural, and time-based requirements.
To address these problems, Online's Service Management team performed a comprehensive evaluation of the network and application environment that included both on-prem and cloud based systems, utilizing the BMC Discover platform coupled with expert analysis from our team of consultants.
Online was pleased to be able to help the Client obtain an Attestation of Compliance for 2020, avoiding fines and potentially costly contractual issues with their customers. The Client has greatly improved their security and compliance posture and is well positioned to leverage this work to create a sustainable and optimized program in the future.
BLOG: A QSA Reflects on the
COVID-Affected Security Landscape
Online's Sherri Collis became a Qualified Security Assessor (QSA) in March 2008, and has performed hundreds of assessments through the years.
The current COVID-19 circumstances have certainly changed the world of PCI assessments; however, this different process isn't necessarily a good change or a bad change, perhaps a bit of both. Join us in discussing how tools like GoToMeeting, Zoom, and Facetime have made remote assessments possible.
BLOG: Business Resumption: Contact Centers
As businesses adapt to the changes in their operations due to the current state of our business landscape, the main question our Qualified Security Assessor's (QSAs) have been responding to is regarding how organizations can maintain PCI compliance while transitioning their contact centers (and associated business processes) to a "work from home" model.
Our team has responded by asking:
"Is this a permanent change, or a short-term change that is related to business resumption?"
Expand Your Security Processes Past Compliance
Our Risk, Security and Privacy (RSP) team is committed to delivering RIGHT-SIZED SECURITY and helping our clients create and manage cost-efficient and risk-effective information security programs that are aligned with their unique needs and risk appetite.
BLOG: Secure POS Implementations
If you are a merchant with point of sale systems (POS) accepting the EMV(R) Chip, and/or if you have implemented a Point-to-Point Encryption (P2PE) solution, you may want to have a quick read and confirm the security posture of your POS implementation.
BLOG: Cybersecurity is About Attitude, Culture...Not Strictly Compliance
Security is something you do continuously and diligently; not something you check off a "to do" list and then sit and relax. PCI has all the component parts to allow companies to adapt this state of due diligence.
CONNECT WITH OUR TEAM
PCI Services, RSP
Risk, Security & Privacy