PCI Counseling and Advisory Services

Serving in an advisory capacity, one or more of Halock's QSAs (PCI Qualified Security Assessors) will work with your organization's IT staff to facilitate PCI compliance efforts. Your organization may decide to handle some or all of the required PCI compliance activities internally, but working with an advisor with expertise in conducting PCI audits can help to save significant amounts of time, money and resources while working to achieve PCI compliance.

One of the most effective ways of minimizing the cost of becoming PCI compliant is to ensure that you have correctly identified which parts of the IT environment need to be included within the scope of PCI compliance.

The Payment Card Industry defines the scope for PCI compliance as follows:

The PCI DSS security requirements apply to all 'system components.' A system component is defined as any network component, server, or application that is included in or connected to the cardholder data environment. The cardholder data environment is that part of the network that possesses cardholder data or sensitive authentication data. Network components include but are not limited to firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Server types include, but are not limited to the following: web, database, authentication, mail, proxy, network time protocol (NTP), and domain name server (DNS). Applications include all purchased and custom applications, including internal and external (internet) applications.

One of Halock's QSAs will work with your organization's IT staff to map the flow of credit card data through the network and systems involved in storing, processing or transmitting that data.

Using the information collected in the previous step, the QSA will work with your IT staff to determine which parts of the IT environment will have to be included within the scope of PCI compliance efforts.

In some cases, Halock will make recommendations for creating additional segmentation within the network in order to isolate systems involved in the handling of credit card information. This approach can often significantly reduce the cost of achieving PCI compliance.

Upon completion, Halock will deliver a summary of the recommended scope for PCI compliance, based upon the gathered information. Additionally, Halock will provide a summary of the recommended work efforts for achieving and demonstrating PCI compliance (the PCI Compliance Road Map).


On-Demand Vulnerability Scanning:

Allows for unlimited scanning of Internet-facing IP addresses to enable ongoing compliance with the PCI quarterly vulnerability scanning requirement. Online filing allows for automatic notification of the acquiring bank once compliance is achieved.

PCI Compliance Management Portal:

An online portal designed to facilitate PCI compliance efforts and to assist in managing all work efforts related to achieving PCI compliance. The portal includes PCI-related news articles with expert analysis, a comprehensive PCI knowledge base, downloadable tools and templates, and more.