Becoming PCI compliant takes work, and it starts with a comprehensive security assessment. A large organization in the commercial and government security industry outsourced its mainframe development support to a company that specialized in these services. This was a smart move for a big organization that wanted to contain costs for a technology platform it was moving away from. But when the parent company had to become PCI compliant, the smaller support organization wasn’t ready to meet the need; it needed its own security remediation plan.
We created a solution that fixed the problem in three months and involved the following process:
- Conducting a complete security assessment.
- Delineating remediation tasks into action plans for network, policies, development, and service support.
- Developing the plan, schedule, and budget to get it all done.
- Creating security policies and incorporating them into HR’s annual staff training.
Finally, and most critically, we had to make sure that the company could pass any future PCI audit. Without this, their operations would grind to a halt.
Upon project completion, our client was very satisfied, with all of the above goals having been met. There were other benefits too. They could now quickly resolve the majority of remediation line items. And they had the infrastructure, tools, and training to quickly turn around PCI audits, passing with flying colors.