Networking Solutions
1.800.INSIGHT | insight.com
PCI Auditing Overview
As a Qualified Security Assessor (QSA) for PCI, Insight offers auditing services to meet the needs of all North American companies that are required to validate compliance through a third-party assessment. This data sheet provides a detailed description of our services.
Our Proven Methodology
Insight provides two options through which we can validate your compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). While it is recommended that all merchants engage in a Gap Analysis prior to starting an audit, either of the two options below can be used to validate compliance.
The first option is intended for those going through the audit for the first time or who are unfamiliar with technology audits in general. It provides significantly more direction and assistance by allowing audit exceptions to remain open, sometimes for extended periods of time (measured in weeks), while discovered deficiencies are remedied and items are reassessed.
The second option is intended for those who have previously been through a successful PCI audit, have a high degree of certainty about their compliance status and maintain a mature audit preparation program. This option rewards these internal efficiencies with a less intrusive audit, but at the risk of a one-pass audit: there is much less flexibility to hold the audit open while deficiencies are remediated.
In either approach, Insight will collect all of the information necessary to validate compliance according to the current PCI-DSS Assessment Procedures. This includes documentation reviews, interviews and direct observation covering all 220+ requirements in the DSS. As the audit progresses, the compliance status of each requirement will be measured to determine whether your organizational controls are sufficient.
When all available data has been collected, reviewed and analyzed, Insight will prepare the Report on Compliance (RoC) as required by the DSS Assessment Procedures. Once you have reviewed the RoC and indicated your agreement with the accuracy of the findings, Insight will finalize the RoC and prepare the Confirmation of Report Accuracy (CoRA) and any other documents necessary for submission.
Our deliverable meets PCI requirements and follows the format mandated by the PCI Security Standards Council. Our assessor will remain available to discuss our findings with the card brands, your bank or your staff as necessary.
Success Stories
Insight has delivered its unique blend of compliance management services to a wide variety of industries, including:
• State and municipal government agencies
• High-tech companies
• Financial services industry
• Hospitality industry
• Manufacturing industry
• Logistics and transportation industry
• Healthcare industry
• Retail industry
PCI Auditing Services
About Insight
Insight Networking is a strategic business unit of Insight, a technology solutions provider serving global and local clients in 170 countries. Today, thousands of clients, including more than 80 percent of the Global Fortune 500, rely on Insight to acquire, implement and manage technology solutions to empower their business. Insight provides software and licensing services globally. In addition, we offer a comprehensive portfolio which also includes networking, hardware and value-added services for our clients in North America and the U.K. We are aggressively expanding our global capabilities by introducing new offerings, including hardware and services, to meet emerging needs for our clients worldwide. Insight is ranked No. 484 on the 2009 Fortune 500.
Insight PCI Compliance Management Offerings
• Insight PCI Gap Analysis
• Insight PCI Scanning
• Insight PCI Compliance Portal
• Insight PCI Audit Service

Other Assessment and Compliance Offerings
• Perimeter Security Assessments
• Internet Security Assessment
• Wireless Security Assessment
• Remote Access Security Assessment
• Firewall Policy & Configuration Analysis
• Internal Security Assessments
• Internal Risk & Vulnerability Assessment
• Data Management Practices Assessment (DBAs)
• Data Management Practices Assessment (End Users)
• Web Application Security Assessment
• Social Engineering Assessment
• HIPAA Compliance Consulting
• NERC CIP Compliance Consulting
• GLBA/FFIEC Compliance Consulting
• Network and Host Security Technology Design and Implementation
• 24x7 Managed Network and Security Services
Comparison

Basic Approach
  First-time Audit: Data collection through interviews, documentation reviews and direct observation as mandated by the PCI-DSS Assessment Procedures.
  Subsequent Audits: Data collection through interviews, documentation reviews and direct observation as mandated by the PCI-DSS Assessment Procedures.

Deficiency Management
  First-time Audit: Audit deficiencies will be communicated at the time of discovery, and the RoC held open until remedied. Depending on how much time has elapsed and the extent to which remediation impacts other controls, revalidation of other controls may be necessary, but is included in the original scope.
  Subsequent Audits: Audit deficiencies will be noted, but will result in a non-compliant RoC if not remediated prior to completion of the data collection effort. No additional revalidation of other controls is included.

Evidence Request Management
  First-time Audit: Providing insufficient or incorrect evidence will result in an audit deficiency. The audit will be held open while correct evidence is obtained.
  Subsequent Audits: Providing insufficient or incorrect evidence will result in an audit deficiency while other data collection tasks continue. If evidence is not submitted before the audit phase completes, a non-compliant RoC will be submitted.

Audit Timetable Management
  First-time Audit: Fluid timetables, with the possibility for audit activities to pause, possibly for extended periods of time (measured in weeks or even months).
  Subsequent Audits: Timetables are strictly adhered to.

Pricing Entry Point
  First-time Audit: $29,000/year
  Subsequent Audits: $15,000/year

Insight and the Insight logo are registered trademarks of Insight Direct USA, Inc. All other trademarks, registered trademarks, photos, logos and illustrations are the property of their respective owners. ©2009, Insight Direct USA, Inc. All rights reserved. Updated 5.09