PCI DSS

Whether your company is a large multinational corporation or a SME (Small to Medium Enterprise), through TENCONS we can help you deliver on your PCI DSS requirements.

TENCONS offers 4 main services which can assist an organisation to navigate through the whole compliance journey or just a part of it, this all depending upon your specific needs. You decide just how much or little you would like us to assist and in even this decision we can give you guidance to decide.

1 Compliance Consultancy

TENCONS provides PCI DSS-related advice and guidance on the full range of requirements. If you are just commencing on your compliance journey, TENCONS’s consultancy can provide training and awareness workshops; validate the scope of your PCI DSS environment, and what level of reporting you will need to complete.

Additionally, we can provide compliance advice on the implementation of specific controls (such as FIM, IPS/IDS, WAF, Security Monitoring, system configuration hardening); as well as strategies for reducing scope and compliance liability (such as tokenization, P2PE, and use of third-party service providers).

2 Gap Analysis

The TENCONS Gap Analysis is a service where our security consultants conduct an in-depth analysis of a client’s organization with the view to assess whether they fulfil the PCI standard and to identify any gaps for necessary remediation.

The process usually involves client site visits to work through a series of workshops and meetings, resulting in an all-inclusive reporting on the companies’ current PCI compliance state, as well as on the remediation measures needed to fully meet the compliance requirements.

3 PCI-DSS Compliance Monitoring and Maintaining

We assist you in maintaining your PCI DSS compliancy no matter where you are on the journey.

Companies are subject to mantain the PCI DSS Compliance on an ongoing basis.

Mandatory routine activities such as vulnerability assessment and penetration testing are periodically delivered as-a-service by us or our Partners on flexible delivery periods aligned with the PCI DSS standard or more frequently if required.

TENCONS offer the full spectrum of PCI DSS related services. We partner to make it easier for your organisation and staff to complete the PCI compliance journey with minimum investment or effort.

4 Audit and Compliance Reporting

We can assist Level 1 Merchants and Service Providers for their annual assessments which must be completed by a Qualified PCI QSA Company/Consultant by performing full pre-assessments and workshops and also by participating during your early assessment as a PCIP representative.

Additional Information

The most difficult part in the PCI DSS compliance is not to maintain the necessary compliance level but rather to do it in an effective way by not sacrificing neither from the business processes nor from the IT and IS ones. In TENCONS we do believe in that statement and we care to throw every resource optimization technique that we are aware of because the continuous PCI DSS compliance or maintaining high security environmentshouldn’t be expensive or ineffective.

To achieve so we specialize in the most modern and effective PCI DSS scope reductiontechnologies and customized compensating controls. By reducing the scope of the PCI DSS compliance an organization could save great amounts of resources. The simplified PCI DSS environments also have the added benefit of increased security due to the simplification – less exposure.

We also can provide security consultancy on the internal systems that are interacting with the PCI DSS environment but doesn’t affect its security. Although those systems are not in scope, we believe that there shouldn’t be a huge gap between the PCI DSS environment security level and the rests of the internal systems security level. It is proven in our practice that often applying cost effective security solutions to those out of scope systems is greatly beneficial.

TENCONS through our Technology Partner iCyber-Security could provide bespoke and Vendor agnostic Information Security solutions and services. We are proud to offer together solutions that could help automating the PCI DSS compliance and the Information Security Operations and Monitoring. For more information please see …. Link to the Technology Partners page.