The Payment Industry is a hot target for hackers. Credit/Debit card providers and payment processors are challenged to secure their network and services with the strictest security controls.
Define and Validate Controls, Policies and Process
We design control objectives for SSAE16 and IT security policies and procedures according to the requirements of any industry standard as well as your business's internal control structure. Depending on the requirement, we evaluate, validate, map and redefine the existing controls, policies and templates for design and effectiveness.
Examine the Environment
Scoping out the high-risk areas where security controls are to be applied and audited is the key to an effective security framework. We identify the scope of all secure practices and workflows to confine potential risks to the minimum level across office premises, networks, systems and processes for any audit or certification. We confirm where cardholder data is present by assessing its presence throughout your environment. We identify and evaluate the data flows in your systems, network connections and the application itself to scope out where PCI DSS applies. Our experts can present the most feasible options, from tokenization to network segregation, to limit the cardholder data scope and thereby minimize the risk area and audit scope. We also map out the client's network diagram and prepare a document comprising a detailed scope analysis in accordance with the PCI auditor's requirements.
Readiness Assessment / Gap Analysis
We perform an in-depth analysis of the client's current policies, procedures, network structure, application flows, operational processes and data controls to identify any gaps and risks. We also execute a readiness assessment against the client's chosen certification to verify that all processes are compliant and ready for certification. This includes a live review of all systems, policies, procedures, controls and data flows. We then guide the client in closing the gaps and ensure that each prerequisite is adequately managed. Where deficiencies are found, we present a detailed report comprising corrective measures that accurately address them. We also perform a full mock audit to prepare your staff, running evidence-gathering and interview practice for the actual audit.
Internal Vulnerability Scans
MF Bzone has a team of certified experts who perform internal and external vulnerability scans at the application and network layers. We also perform penetration tests on your scoped network to make sure it meets client and PCI audit requirements. We take our clients all the way to the remediation and compliance stage: we not only issue a report with vulnerabilities categorized according to CVE ratings, but also perform re-scans until remediations are in place and a clean report is obtained.
On-site Audit Coordination for your Certification
Our team is on board throughout the client's external audit and liaises with the auditor on the client's behalf, providing the appropriate documents and answers.