About Sword & Shield
Since 1997 Sword & Shield has been the trusted information security partner for 3000 clients in 50 states and 27 countries around the globe.

PCI
PCI Services Menu
PCI GAP Analysis (Pre-Audit)
For first-time Level 1 merchants and service providers, facing a full Report on Compliance (ROC) assessment can be a daunting task. The first-year ROC almost always reveals significant gaps in operations, security processes, and controls, leaving the organization with many unanswered questions and an unclear roadmap to compliance.
Our PCI Gap Analysis/Remediation Plan helps avoid the drain on both time and capital associated with a first-time ROC by reviewing your security processes and controls against the full PCI DSS, without the in-depth operational testing of controls required by the ROC testing procedures. Our process identifies gaps and creates a remediation plan that allows your organization to concentrate on meeting compliance timelines and budgetary constraints.
PCI Onsite Report on Compliance (ROC)
As a PCI QSA, Sword & Shield provides comprehensive security assessments of the Data Security Standard to Level 1 Merchants and Level 1 and 2 Service Providers, resulting in a documented Report on Compliance (ROC). The ROC provides independent validation of compliance to customers, card brands and acquiring banks. Our ROC assessments are led by senior security analysts who maintain CISA and CISSP certifications. Our auditors intimately understand the retail and service provider processing models and the idiosyncrasies that make your business unique. We help our clients understand compliance risk, control options and compensating control strategies as they work toward achieving and maintaining PCI compliance.
PCI Compliance Central for Service Providers
If you are a service provider processing payment card charges for a number of merchants, your merchants must, at a minimum, complete an annual SAQ. If you are an organization with a large number of widely dispersed point-of-sale locations processing payment cards, you are responsible for completing an annual SAQ for each location. Sword & Shield can provide you with a cost-effective way of assisting the merchants in completing the appropriate SAQ and conducting quarterly vulnerability scans where required.
Self-Assessment Questionnaire (SAQ) Assistance
Sword & Shield will provide general PCI-related consulting to assist with completion of an SAQ and customer submission of Attestation of Compliance (AOC). We will establish a Compliance Center web portal to manage and track responses to questions, post evidence of compliance and send compliance reports to your acquiring bank. We also provide you with advice to complete the PCI self-assessment and provide practical remediation guidance to help you achieve secure PCI compliance.
PCI Quarterly Scans
Sword & Shield resells Qualys and SecureWorks ASV Scanning Service. Scanning by an approved ASV is required for Level 1 – 4 merchants who transmit, store or process card data.
PCI Annual Network Vulnerability and Penetration Test
PCI DSS Requirement 11.3.1: PCI Penetration Test: perform network-layer penetration testing at least once a year and after any significant infrastructure upgrade or modification. For this service, see the Sword & Shield Penetration Testing and Vulnerability Assessment page.
PCI Wireless Assessment
If you have wireless access points in your payment card network, PCI DSS Requirement 11.1 may apply: Test for the presence of wireless access points by using a wireless analyzer at least quarterly. For this service, see the Sword & Shield Wireless Security Testing page.
PCI Web Application Test
If you have a Web site that collects, stores or transmits card data, PCI DSS Requirement 11.3.2 may apply: Perform application-layer penetration testing at least once a year and after any significant application upgrade or modification. For this service, see the Sword & Shield Web Security Testing page.
General PCI Consulting
Sword & Shield can also provide general PCI consulting advice to help you proceed with your PCI self-assessment. We can provide you with the information you need to make business decisions with respect to PCI and help you achieve PCI compliance in a secure manner.
Policy Review and Development
Sword & Shield will review and assist in the development of PCI policies to meet best security practices.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or contact us by phone so we can begin securing your future.
U.S. Toll-free: 800-810-1885
International: 865-244-3500
PCI Fundamentals On-Demand Webcast
Sword & Shield and Juniper Networks co-hosted a webinar to discuss how organizations can meet or enhance their PCI compliance security. A recording of the webcast, PCI Fundamentals: Assessing Risk, Conducting Cost/Benefit Analysis and IT Solutions to Tackle PCI Challenges, and the accompanying slide deck are now available for viewing on-demand.
Watch Sword & Shield Director of Risk & Compliance Dave Shackleford join Juniper Networks’s Troy Herrera, a senior solutions manager, to discuss:
View the on-demand Webcast here