PCI for Small and Medium-Sized Businesses
Based on common information security best practices, the PCI DSS (Payment Card Industry Data Security Standard) is applicable to any organisation processing payment card data.
Filling in an SAQ (self-assessment questionnaire) can help SMEs prove they meet the 12 PCI DSS requirements and achieve compliance.
Supporting you to complete an SAQ
Our all-inclusive PCI DSS assistance programme helps SMEs complete an annual SAQ and achieve PCI compliance in a cost-effective and hassle-free manner. The service includes expert consultancy support, approved quarterly scans, staff training resources and PCI policies and procedures, making PCI certification fast and simple.
This affordable package includes:
Expert advice and assistance
As an approved Qualified Security Assessment (QSA) company, we can help you identify the right SAQ to complete and provide the appropriate support and advice to achieve full compliance with the PCI DSS. You will have direct access to our QSA team, providing the support you need as and when you require it.
- Get expert QSA assistance with the SAQ and other requirements.
- Determine the gaps between your compliance efforts and the Standard.
An online PCI SAQ
An SAQ is a document that merchants processing less than 6 million transactions annually are required to complete every year and submit to their acquiring bank. Taking the SAQ with us is the quickest way to find out what you need to do to become PCI compliant, with expert help at every stage.
- Our intuitive web-based application guides merchants through every step of the PCI SAQ.
- Each question is accompanied by expert advice to help the merchant interpret and appropriately answer each question.
PCI project implementation tools and policies
Designed by a leading QSA, our documentation toolkit contains all the expert guidance, advice and fully customisable documentation templates you will need to keep your payment card operations running smoothly and securely. It contains:
- A gap analysis tool, which will help organisations set their perimeters and identify the scope of the project; and
- All the policies and work instructions you need to achieve compliance with the Standard.
HackerGuardian vulnerability scans
Our HackerGuardian Scanning Service is a vulnerability assessment scanning solution designed to identify website vulnerabilities and, where relevant, to achieve and maintain PCI compliance. Website and network administrators have complete control over their scanning service and use a secure online console to schedule and run scans.
- Run scans easily and get the reports you need to submit for PCI compliance.
- Backed by Comodo, a PCI Approved Scanning Vendor (ASV).
Why buy the PCI DSS support contract for SMEs?
- Responsive service - IT Governance is an authorised QSA (Qualified Security Assessor) and regularly performs on-site audits for a variety of clients across multiple sectors. We can advise you on the most challenging aspects of PCI DSS compliance, tailored to your business needs and budget. We are not associated with any product vendor and all our advice is independent.
- Save time and money - The PCI DSS Documentation Toolkit provides a complete set of easy-to-use, customisable and fully PCI-compliant documentation templates, and helpful project tools to ensure complete coverage of the Standard.
- Become your own expert - In addition to ASV scanning, we have a number of other tools, including:
- A gap analysis tool to check your organisation’s progress towards compliance;
- A PCI dashboard to keep track of all your documents in one place; and
- A document analysis tool to ensure all required documentation is created.
Why choose IT Governance for PCI consultancy?
Our services provide a tailored route to PCI compliance, scalable to your budget and needs.
We go further than a simple ‘yes/ no’ approach to understand better how security measures work.
We work in partnership to help you understand what is required and why giving you control.
We can offer expertise to vet compensating controls and determine whether they are acceptable.
Speak to an expert
For more information about the PCI DSS and what your organisation needs for compliance, please get in touch with one of our experts, who will be able to advise you further.