Qualified Security Assessors? Yes, we are

News

9 May 2019

Did you know that KJR has achieved status as a Payment Card Industry (PCI) Qualified Security Assessor (QSA) company? In response to demand for KJR-delivered cybersecurity services, our growing team of specialists is qualified by the PCI Security Standards Council to validate an entity's adherence to the PCI Data Security Standard (PCI DSS).

What this means for KJR clients

As a Qualified Security Assessor, KJR is well placed to provide a greater depth of service to clients who store, process or transmit credit and debit cardholder data. Unlike a general cybersecurity assessment, a QSA engagement is an independent compliance assessment against PCI DSS for organisations that are required to demonstrate compliance with the Standard. Additionally, we offer gap analysis and pre-certification reviews, assistance completing Self-Assessment Questionnaires (SAQ), and remediation plans and support. So, whether you are a Level 1 merchant requiring an independent on-site assessment by a QSA, or a Level 3 merchant who needs expert assistance completing an SAQ, as a QSA KJR can be your trusted advisor.

Organisations who are required to be PCI DSS compliant may also find significant benefit in KJR’s complementary cybersecurity services, found here.

More about PCI DSS

Does your organisation:

  1. process, store or transmit cardholder data?
  2. take payments via its website or process card payments on behalf of its customers?
  3. take credit card payments over the phone or by mail order?

If you answered yes to any of these, or envisage that you will in the future, you need to have PCI DSS compliance processes in place. Note that outsourcing payment processing to a third party can reduce the scope of your assessment, but it does not remove your obligation to comply.

As the Standard itself states, “The PCI DSS was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally.” Six security control objectives form the Standard, with twelve requirements grouped under them:

1. Build and maintain a secure network

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters

2. Protect cardholder data

  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks

3. Maintain a vulnerability management program

  • Protect all systems against malware and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications

4. Implement strong access control measures

  • Restrict access to cardholder data by business need to know
  • Identify and authenticate access to system components
  • Restrict physical access to cardholder data

5. Regularly monitor and test networks

  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes

6. Maintain an information security policy

  • Maintain a policy that addresses information security for all personnel

If any of the above raise questions (or alarms) for you, we encourage you to contact KJR to discuss.

Who is the PCI Security Standards Council?

The PCI Security Standards Council is led by a policy-setting Executive Committee, composed of representatives from the five founding global payment brands (American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc) and Strategic Members.

The Council maintains, evolves, and promotes the Payment Card Industry Security Standards. It also provides critical tools needed for implementation of the standards such as assessment and scanning qualifications, self-assessment questionnaires, training and education, and product certification programs. Learn more at their website.
