Description
IconATG's Minimum Path to Governance (MPTG) provides a comprehensive approach to achieving, maintaining, and demonstrating PCI-DSS compliance. Our unique approach integrates cultural, business, and technology change to minimize the cost of achieving and maintaining long-term compliance.
Since PCI-DSS compliance hinges on every point in your business process where Card Holder Data (CHD) is handled, processed or stored, IconATG's approach to remediation focuses on Eliminating, Reducing, and Centralizing contact with CHD. This proven approach provides not only the shortest path to PCI compliance; it is also the most cost-effective approach to achieving compliance and maintaining it over the long term.
Why Comply?
The reality is that PCI has a punitive approach to non-compliance that transfers liability for data breaches to the credit card merchant. Not only are merchants liable for actual fraudulent card usage (averaging $5,000 per stolen card), but they are also subject to fines of up to $500,000 per occurrence.
Also, since non-compliance with PCI-DSS is determined after the fact by forensic investigation, if a data breach should occur, the systems involved in the breach are required to be left in place until the forensics team arrives, and may not be used for continuing business until the investigation is complete. This means that:
A single data breach involving a central server (e.g., a database server) can shut down a business for the duration of the investigation.
The PCI Compliance Challenge
With PCI-DSS 1.2 plus various state laws, the bar has just been raised significantly for Payment Card compliance. PCI-DSS 1.2 not only more than triples the number of requirements for compliance over version 1.0, it also widens the scope of compliance significantly to include many merchants that haven't been affected before. Furthermore, a significant number of states have adopted or will adopt PCI or their own Card Holder Data regulation, which adds state rules and regulations to the already complex set of requirements under PCI.
Leveraging years of Business Re-engineering, Process Improvement, Compliance, and Automation experience, our consultants are not only up to the PCI compliance challenge, they also cut to the heart of the PCI requirements and explain them to our clients in an easy-to-understand way.
Common Problems Addressed by This Offering
- Need to be compliant with PCI-DSS 1.2 (or wondering if you need to be compliant)
- Data Breaches have exposed Card Holder Data
- Can't identify your checkpoints for Card Holder Data, or have too many checkpoints for Card Holder Data
- Need to prepare for a PCI audit
PCI Compliance Services
Training Services
Consulting Services
- Payment Card Industry (PCI) Self-Assessment Questionnaire (SAQ) and PCI Remediation
- Business Process Modeling
- Tools assessments, selection, sizing, deployment, education - Minimum Path To Automation
- Minimum Path to Governance
Tool Services
- IBM Rational Tool Reseller / Advanced Business Partner
- Web Application Security and Compliance with AppScan