• Home

• Industries
  • Financial Services
  • Government
  • Healthcare
  • Higher Education
  • Legal
  • Public Companies
  • Public Utilities
  • Retail

• Solutions
  • IT Audit Services
  • IT Risk Assessment Services
  • IT Security Planning
  • PCI Compliance Services
  • Application Code Review
  • Vulnerability Scanning
  • Penetration Testing

• News & Events
  • Events
  • Webinars
  • In The News
  • Press Releases

• About Us
  • Overview
  • Management
  • Partners

• Careers

• Contact Us

PCI Pre-Audit Assessment

For emerging Level 1 merchants and service providers, facing a full Report on Compliance (ROC) assessment for the first time can be a disheartening proposition. The rigors of a first-year ROC almost always reveal significant gaps in operations, security processes, and controls - leaving the organization with many unanswered questions and an unclear roadmap to compliance.

Our PCI pre-audit assessment helps organizations avoid the drain of capital and time associated with a first-time ROC by performing a rapid review of your security processes and controls against the full Payment Card Industry Data Security Standard (PCI DSS) - but without the in-depth control operational testing required by the ROC testing procedures. Our process rapidly identifies gaps and creates a roadmap for success, allowing your organization to concentrate on meeting compliance timelines and budgetary constraints.

PCI Report on Compliance (ROC)

As a PCI Qualified Security Assessor (QSA), Coalfire provides comprehensive security assessments of the Data Security Standard to Level 1 merchants and Level 1 and 2 service providers, resulting in a documented ROC. The ROC provides independent validation of compliance to customers, card brands and acquiring banks. Our ROC assessments are much more than a junior auditor quoting rules and putting checks on a list. Our ROC assessments are led by senior security and audit staff that maintain concurrent CISA and CISSP certifications. Our auditors intimately understand the retail and service provider processing models and the idiosyncrasies that make your business unique. Many of our auditors have worked with PCI-compliance initiatives since the initial VISA CISP and MasterCard SDP programs were released. We help our clients understand compliance risk, control options and compensating control strategies as they work toward achieving and maintaining PCI compliance - all at a cost that won't break the bank.

PCI Self Assessment Questionnaire (SAQ)

Level 2, 3 and 4 merchants and Level 2 service providers must complete an annual Self-Assessment Questionnaire (SAQ) to evaluate their organization's compliance in relation to the PCI DSS. Management must sign off on the accuracy of self-assessment assertions; sometimes without confidence that the requirements are truly understood by their staff or that the responses are truly an accurate assessment of compliance risk. Coalfire provides expert guidance and validation for companies seeking assistance with their internal review and reporting requirements. We deliver cost-effective, automated, web-based solutions to facilitate the understanding of the assessment questionnaire, the accuracy of responses, tracking of compliance gaps and ease of assessment reporting to acquiring banks.

PCI Quarterly Vulnerability Scans (QSV)

PCI compliance requires regular external network vulnerability scanning of all Internet facing systems that process or connect to payment card data. Coalfire is an Approved Scanning Vendor (ASV) for the PCI industry and has both self-service and managed solutions for meeting PCI compliance. Our scanning services are the right choice for safe, accurate and cost-effective scanning compliance. We have built our services around the industry's best scanning engines and added report filtering that reduces false positives and negatives. Additionally our tools provide reporting output in XML, Microsoft Word and Excel with sortable data that makes assigning and tracking remediation easy. All of our PCI scan information is delivered through a secure portal solution that makes it easy to track status with all associated parties.

PCI PA-DSS Report on Validation

Payment applications are under attack at an unprecedented level. Many payment applications have Internet connectivity, wireless or remote access enabled by merchants that were not incorporated into their initial designs. Most payment applications were developed when there was a drastically different threat and compliance environment in place. A payment application identified as insecure, or the source of a compromise, damages the reputation and success of the application vendor and the merchants utilizing those applications. Payment application vendors are now receiving compliance validation demands from customers, acquirers, processors and PCI assessors. By complying with the PCI Payment Application-Data Security Standard (PA-DSS), application vendors can reduce risks to merchant operations and distinguish themselves as a trusted business partner.

Coalfire, a certified PA-QSA assessor, provides validation services to help payment application developers achieve PA-DSS compliance in a manner that makes sense for their application. Through our exclusive Rapid PA-DSS compliance platform, we combine an adaptive intelligence self-help platform with a hands-on assessment methodology to guide clients through the PA-DSS compliance process efficiently and cost effectively. Coupled with Coalfire's certified application assessors, application developers use our compliance platform to select the compliance strategy that fits their application needs. Coalfire further provides value by communicating with VISA throughout the certification process, accelerating compliance with reduced impact on the development team.

As concern about the economy continues, developers have demanded a cost-efficient way to complete the PA-DSS validation process. Coalfire offers an online self-help tool called Rapid PA-DSS to help developers prepare for a much shorter and more productive assessment.

PCI Compliance Made Easy

For small- and medium-sized retailers and service providers, compliance with the PCI DSS requires completion and submission of the SAQ and quarterly external network scans. Accurately completing the SAQ can be a complex and frustrating experience. The highest risk to merchants is to maintain proof that compliance testing was adequately documented in case a subsequent data breach occurs. Coalfire's Rapid SAQ cost effectively guides PCI compliance with an easy-to-use web interface. Rapid SAQ prepares the most relevant PCI DSS control questions for your organization based on your input to a series of questions and then records "justification" for validating each compliance requirement.

Features

• Structured, interactive engine walks users through processes and generates all appropriate documents
• Based on your responses, Rapid SAQ will:
  • Automatically determine the appropriate validation type (A, B, C or D) for the merchant
  • Present only those required questions
  • Remove questions that are not appropriate
  • Record evidence of compliance
• Robust reporting with easy-to-read graphic stats
• Track your compliance against industry trends
• Manage multiple entities from one management page (e.g. franchises and/or multiple locations)

Rapid SAQ utilizes the power of Coalfire's Navis platform that provides customers with a robust suite of tools to manage their IT audit and compliance programs. The Navis platform makes it easier than ever to stay secure and compliant, regardless of organizational size or complexity.

To register for a Rapid SAQ click here.

Facilitated help option	Sample online forms and report
Automatically generates required PCI SAQ form	Remediation planning