Even if it isn't required by the Payment Card Industry (PCI) for your organization, an onsite audit is an important step in ensuring you are maintaining effective security practices.
Cybertrust's PCI On-Site Compliance Assessment will provide you with an overview of the effectiveness of the security controls you have in place, including adherence to the PCI requirements that safeguard the integrity of your customers' non-public information and records.
Your PCI On-Site Assessment will verify and assess the effectiveness of several required, high-level security measures such as:
- Ensuring you have a working firewall to protect data.
- Ensuring your security patches are up-to-date.
- Ensuring your stored data is adequately protected.
- Verifying all data sent across public networks is encrypted.
- Making sure anti-virus software is being used and is updated regularly.
- Restricting all access to sensitive data on a "need to know" basis.
- Verifying the use of unique user IDs for each person on the network.
- Verifying that all vendor-supplied defaults for passwords and security parameters have been changed.
- Tracking access to data by unique ID.
- Ensuring all security systems and processes are tested regularly.
- Reviewing established information security policies and ensuring it is kept current.
- Verifying the restriction of physical access to data.
Cybertrust will also provide remediation advice for those actions items discovered during the audit, as well as ensure you understand the initial compliance reports generated upon completion of your assessment.
