PCI-DSS compliance covers the following areas:

• Compliance of Payment Software Applications to PA-DSS

• Operating Systems, Application Servers, Databases, Supporting Tools

• Network

• Office Access Control

• SDLC, Operational and Administrative Processes and Policies

• Change Control Management – Software, Network and Hardware

Entities that should be PCI-DSS certified include-

• Processors

• Card Issuers

• Digital Issuance Platform

• Tokenization server

• Acquirers

• Merchants

• Payment SDKs

• Card Embossing and Printing Vendors

• PoS terminal manufacturers

• PIN PAD Manufacturers

• C POS Vendors

• Mobile Devices supporting payments

Girmiti Software scope of PCI- DSS services includes –

• Identify the areas impacted/affected by PCI-DSS within your organization

• Application Software

• Gap Analysis

• Re-engineering

• OWASP

• Data Encryption

• Data Access

• Data Security Standards

• Security Coding Standards

• Comprehensive Testing including Scanning and Penetration Testing

• OS, Web Server and DB level vulnerability checks and compliance

• Access Control Checks

• Process definition and implementation as required by PCI-DSS – Information Security policy, data access and retention policies

• Definition and Implementation of Change Control Process

• Training

• Document Preparation, Evidence Preparation, Submission

• Work with the certification authority for evaluation, remediation and ensure that the organization is PCI-DSS certified

For more information, please contact us at info@girmiti.com