Payment Card Industry (PCI) Compliance
Contextual Security is a PCI Qualified Security Assessor Company (QSAC), as recognized by the PCI Security Standards Council. We provide a full suite of services to assist our clients in meeting and maintaining PCI compliance year after year. Our QSAs, who are all dedicated employees (never subcontracted), have extensive experience working with a variety of organizations of all sizes. Our clients include large retailers, ecommerce organizations, service providers and energy cooperatives, to name a few.
Whether you are part of an organization that’s new to the PCI DSS and trying to get a handle on how it applies to your systems and applications, one that just needs help completing its Self-Assessment Questionnaire (SAQ), or one that is required to go through a third-party audit, Contextual Security can be your trusted partner.
Contextual Security, a PCI Qualified Security Assessor Company (QSAC), provides a full suite of services to assist our clients in meeting and maintaining their compliance with the Payment Card Industry Data Security Standard (PCI DSS) year after year. Whether it’s conducting a PCI DSS audit resulting in an Attestation of Compliance (A.O.C.)/Report on Compliance (R.O.C.)/Self-Assessment Questionnaire (S.A.Q.), assisting customers with specific individual requirements found within the PCI DSS (e.g. Annual Penetration Test, Quarterly Scanning, Firewall & Router Configuration Reviews, Web Application Assessments, etc.), or simply providing PCI consulting for clients who are just now beginning to tackle compliance for the first time, Contextual Security consultants have you covered.
In addition, our illumino platform gives those responsible for the organization’s compliance initiatives 24/7 visibility into the audit’s progress. Our illumino platform was developed out of a need to eliminate the disconnects and frustrations our customers have seen with other compliance consultancies, where issues or gaps in compliance were either not communicated effectively or not communicated until it was too late. The illumino platform gives organizations the ability to quickly identify the status (Compliant, Not Compliant, Remediating, etc.) of each control/sub-control within the PCI DSS, including the information that was relied upon by the QSA to make the status determination. By making this information available 24/7, there are no surprises!
Lastly, at Contextual Security we encourage our clients to stay engaged with our QSAs on a regular basis (e.g. monthly, bi-weekly, weekly calls) throughout the audit. This constant communication aims to reduce any last-minute compliance gotchas that can arise in organizations that are continuously refining their processes and procedures to better serve their customers.
Contextual Security doesn’t subcontract QSAs from other organizations. Contextual Security also doesn’t come onsite for a week for an initial review, then disappear for three months before re-engaging. That is a recipe for disaster.
We want to be your trusted security (and compliance) partner, and the only way to do that is to get to know your organization’s goals and objectives, and stay involved throughout the year. At Contextual Security, Solid Security Begins With Knowing. Excels by Doing.
Having used different IT GRC products in the past, we feel Contextual Security's “illumino” has allowed us to better organize and simplify the numerous compliance controls along with roles and responsibilities to better organize and complete our audit requirements. With its any access platform, we can use this data anywhere-anytime to provide scheduled controls and evidence of those in a central tool, making us more consistent and productive. The fact we no longer wait to see reports and results or audits – now they are available as they are completed, almost in “real time”. The result is a less stressful completion and final delivery of Reports on Compliance, without the anxiety of not knowing or feeling incomplete. It’s refreshing to use a product that is built and understood by a team that not simply understands compliance, but is active and experts in security testing. I no longer dwell or doubt our ROC date goals, because of Contextual Security and 'Illumino'.
Due to numerous high-profile data breaches, the board of directors of a large non-profit hospital became concerned about how the hospital handles credit cards. After some internal discussions, hospital employees concluded that the hospital’s systems were adequately protected; however, the board insisted that they also undergo an audit. That’s when the hospital started taking a closer look at what its systems were doing, and when it discovered that there was more to its systems and business processes than originally understood. In addition, there were already projects underway that would impact the network architecture and could have a significant impact on compliance objectives if proper consideration was not given to the intricacies of PCI compliance. Therefore, the hospital sought expert counsel from outside professionals who operate in payment card compliance. Through a collaborative effort between hospital executives, various departments of their operations staff, and third-party vendors, Contextual Security Solutions was able to effectively identify their compliance goals and suggest remediation activities that greatly reduced the hospital’s PCI scope, costs, and risks. As the hospital’s technology environment continues to evolve, Contextual Security Solutions continues to provide expert advice to ensure the hospital is adequately protected and compliant with the latest PCI standards. The hospital has made national headlines hundreds of times over the years for the miracles and accomplishments their doctors and patients achieve. It’s a true testament to how this hospital desires to operate, and we’re not only proud that none of this national attention has been the result of a payment card data breach, we’re committed to keeping it that way!
The Contextual Security Team was great to work with. Their plan of action was very thorough and reporting very detailed, which provided us with suggestions on how to address areas of concern. I feel that we made the right decision choosing Contextual Security.