PCI-DSS compliance covers the following areas:

  • Compliance of Payment Software Applications to PA-DSS

  • Operating Systems, Application Servers, Databases, Supporting Tools

  • Network

  • Office Access Control

  • SDLC, Operational and Administrative Processes and Policies

  • Change Control Management – Software, Network and Hardware

Entities that should be PCI-DSS certified include-

  • Processors

  • Card Issuers

  • Digital Issuance Platform

  • Tokenization server

  • Acquirers

  • Merchants

  • Payment SDKs

  • Card Embossing and Printing Vendors

  • PoS terminal manufacturers

  • PIN PAD Manufacturers

  • C POS Vendors

  • Mobile Devices supporting payments

Girmiti Software scope of PCI- DSS services includes –

  • Identify the areas impacted/affected by PCI-DSS within your organization

  • Application Software

  • Gap Analysis

  • Re-engineering

  • OWASP

  • Data Encryption

  • Data Access

  • Data Security Standards

  • Security Coding Standards

  • Comprehensive Testing including Scanning and Penetration Testing

  • OS, Web Server and DB level vulnerability checks and compliance

  • Access Control Checks

  • Process definition and implementation as required by PCI-DSS – Information Security policy, data access and retention policies

  • Definition and Implementation of Change Control Process

  • Training

  • Document Preparation, Evidence Preparation, Submission

  • Work with the certification authority for evaluation, remediation and ensure that the organization is PCI-DSS certified

For more information, please contact us at info@girmiti.com

Contact Us