Vigilar's PCI Compliance Management Program

The Vigilar PCI Compliance Management Program provides customers with a comprehensive solution to cost-effectively achieve and maintain compliance with the PCI DSS. Vigilar designed this program to help organizations simplify their approach to managing risk, achieving compliance and staying compliant. Organizations need a cost effective, reliable solution for ongoing PCI compliance that delivers a path to successful compliance reporting while also increasing their information security posture.

This annual program provides comprehensive coverage for the aspects of the PCI DSS that are relevant to the organization. Vigilar works closely with customers to help determine if they are in compliance with the PCI DSS, document that compliance, and improve security best practices. Vigilar’s deep experience in information security and the PCI DSS provides efficient allows Vigilar to act as a Trusted Security Advisor, providing ongoing support for PCI compliance initiatives.

1. Quarterly PCI Scanning and Reporting — Ongoing periodic or ad hoc remote vulnerability scans, as required in PCI DSS 1.1, combined with Vigilar’s security expertise to provide comprehensive reporting and remediation documentation for data security issues that are uncovered. Vigilar is a certified ASV for providing remote assessment scans.
   
   
2. PCI Gap Analysis and Remediation Roadmap — A thorough gap analysis to assess an organization’s readiness for a PCI Onsite Audit along with a roadmap of recommended remediation steps for becoming compliant.
   
   
3. Annual Onsite PCI Audits — Annual Onsite Audit for PCI DSS compliance as required. Vigilar performs the onsite audit and provides a Report on Compliance (RoC) that will be presented to the client and the clients’ acquirer (if needed). Vigilar is a Certified QSA vendor for conducting annual PCI Onsite Audits.
   
   
4. Annual PCI Penetration Testing — Annual or ad hoc network penetration testing based on PCI DSS and security best practices.
   
   
5. PCI Trusted Advisor Services (PCI Compliance Advocate) — Ongoing support for PCI compliance initiatives.
   • Dedicated QSA on call
   • Phone and e-mail support to answer questions
   • Covers management / documentation issues (for example, PCI relevant policy analysis)
   • Compensating controls analysis—verification with the acquirer or the PCI DSS SSC on compensating controls
   • Deep technical questions — for example, analysis of a firewall rule set for PCI compliance
   • Scan False Positive Validation service
     
     
6. PCI Portal (1 license) includes:
   • PCI Task Management Module — tracks an organizations path to achieving and maintaining compliance.
   • PCI Knowledgebase — resource for answers to 1,000s of questions.
   • Sample compensating controls.
   • Project planning templates.
   • State notification laws.
   • Assessment project plans.
   • Risk assessment templates.
   • Financial risk analysis model.
   • Inquiry tracker (allows customer and Vigilar to track all inquiries including ones to the acquirer and PCI SSC.)
   • Quarterly news bulletins.
   • Flash updates.
   • Online PCI Security Awareness.

Features

1. Annual, comprehensive solution to cost-effectively achieve and maintain compliance with the PCI DSS.
2. On-site audit services and quarterly vulnerability scanning services document ongoing compliance efforts.
3. Comprehensive security consulting services to establish compliance and improve security best practices.
4. PCI Portal with resources for task management, inquires and ongoing updates.
5. Extensive experience aligning information security requirements with strategic business goals, including coordinating audits and remediation efforts across internal business units.

Benefits

1. Ongoing, cost-effective program to achieve and maintain compliance with the PCI DSS.
2. Access to comprehensive PCI compliance expertise without the expense of finding, hiring and retaining permanent compliance staff.
3. Certified, third-party audits and assessments that help to clearly demonstrate compliance.
4. Trusted Security Advisor to provide access to real-world PCI DSS compliance experience and knowledge as well as act as the customer’s PCI Compliance Advocate.
5. Holistic, vendor-neutral approach. Vigilar’s relationships with over 70 industry-leading security vendors’ products and services helps Vigilar design the best solution for the customer.