Aston Information Security
your information and network security needs taken care of
TEL: +44 (0) 845 643 2460

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) was written to reduce payment card fraud by raising the security of cardholder data. It applies to every organisation that stores, processes or transmits card payment data. Adherence to the standard also reduces the risk of a breach of the kind suffered by TK Maxx (TJX), in which tens of millions of card records were stolen.

Since June 2007, every organisation that accepts payments by credit card has been required to comply with the PCI DSS. Retailers who handle credit and debit card details are now more accountable and carry more of the risk.

The standard comprises 12 requirements. An organisation that cannot demonstrate compliance with the PCI DSS may be liable for the losses that arise from a breach, may face a fine of up to $500,000 or, in extreme cases, may be barred from processing card transactions altogether.

Validation is ongoing, not a one-off exercise: every quarter the cardholder data environment must pass an external vulnerability scan performed by an Approved Scanning Vendor (ASV), and every year the organisation must complete a self-assessment questionnaire (SAQ) on data security or, for the largest merchants, undergo an on-site assessment.

Aston Information Security can assist companies with:
- PCI security assessment
- Vulnerability scanning, network scanning and penetration testing
- Building and maintaining a secure network architecture
- Demonstrating that cardholder data security programmes are in place
- Maintaining a vulnerability management programme
- Completing the PCI self-assessment questionnaire
- Pre-audit compliance checks and technical auditing
- Implementing strong access restriction measures
- Performing regular security risk assessment and monitoring
- Maintaining an information security policy
- Forensic incident response service

Aston's Continuity Services department provides services which cover:

Business Recovery Plans - coordinating the development and maintenance of recovery plans for each facility that provide for the recovery, resumption and restoration of all functions within the facility following a major disruption. The objective of these plans is to ensure the survival of the organisation as a whole and compliance with the requirements of individual client contracts. The business recovery plan is a component of the business continuity plan.

Emergency Plans - coordinating the development and maintenance of plans for each facility that provide procedures to eliminate or mitigate loss or injury to corporate personnel and assets. At a minimum, emergency plans address evacuation procedures, fire and smoke response, bomb threat response and emergency medical procedures. The emergency plan is another component of the business continuity plan.

Business Recovery Tests - regularly reviewing and testing the recovery procedures in the business recovery plans. It is the responsibility of the managers of each department or functional area to ensure that the processes and services performed within their departments are recoverable, and to have tested plans in place that document how business recovery will be accomplished.
