Alcumus ISOQAR PCIDSS Compliance Presentation
Alcumus® ISOQAR – Leading the way in management system certification

Alcumus Group structure: Sovereign Capital; Alcumus ISOQAR; Alcumus Sypol; Alcumus Drurry PSM; Alcumus Info Exchange
Alcumus – a true market leader
• Innovators: continuous development to better support our customers
• Experienced: we’ve been adding value for over 35 years
• We deliver: our customers stay with us (95%+ retention rates)
• 5000+ customers, including 30% of the FTSE 100
• Have confidence in working with Alcumus: the market-leading provider of technology-enabled compliance risk management and certification services
Alcumus ISOQAR – key stats
• 6th position in the UK certification market
• Fastest-growing UK certification body
• Deliver more than 10,000 audit days per year
• £8.2M revenue
• Auditing against more than 25 generic and sector-specific standards
• 35% contribution to overall Alcumus revenues
• Network of 300+ IAN consultants
• Overseas network of 7 critical locations servicing 2500 international clients
• 13% y-o-y growth
• 55 auditors, 36 contractors and a 35-strong office-based team
Alcumus overview – extensive range of solutions and services
Service lines: COSHH, Software, Training, Certification, HR, Health & Safety, Contractor Verification
• Leading compliance software: used by 30% of FTSE 100 companies
• Leading UKAS certification body: the fastest growing in the UK (60+ auditors)
• A clear leader in H&S management: nationwide coverage (60+ consultants); No. 1 for COSHH solutions (20+ specialists)
• Leading property compliance: most leading managing agents use us
• Leading HR solutions provider: delivering services for over 30 years
• Leading training provider (IRCA, IOSH, NEBOSH)
Alcumus overview – some of our customers
Sectors served: Construction, Manufacturing, Engineering, Oil & Gas, Healthcare, Retail / Property, Public Sector, Transport & Logistics
And some more…
Our References
ISOQAR India references:
• Emerson
• Knight Frank
• SBI
• Getronics
• SERCO
• Intelenet
• Sparsh
• JW Thompson
• HITACHI
• France Telecom – Orange
• ISS
• Sanofi Aventis
• Prometric
• R Systems International / Indus
• SunTec
• ARANCA
• ZENSAR
• Reliance Industries
• Pfizer
• Toyo
• Alexander Mann
• Diageo
• Heineken
• Ministry of National Guard Health Affairs – KSA
• Al Qassim Municipality
• Al Imam University – KSA
• UAE Exchange
• Qatar University
• Banque Saudi Fransi
• Cloud Pay
ISOQAR is part of the Alcumus Group, a multi-discipline provider of risk management, compliance and certification services, operating throughout the UK and via a network of operations globally.
For over 20 years, we have assisted thousands of businesses of all shapes and sizes to create competitive advantage.
Auditors with 2000+ global audits of experience.
Why choose ISOQAR?
• Technical capability – our expert auditors’ industry experience is matched to your organisation’s activities, enabling you to get the most out of your assessment.
• The ALCUMUS ISOQAR brand – our reputation for integrity and approachability means that we offer a consistent and professional service, resulting in a practical and meaningful audit experience.
• Global reach – besides having auditors located throughout the UK, we also have the capability to deliver certification audits internationally.
• Rapid response – we specialise in providing audits and answering queries quickly and efficiently.
“A simplistic & direct approach to auditing that was appropriate to our industry”
Standards and frameworks covered: 20000 / 22301 / 27001 / 31000 / 55000, FSSC / BRC, PCI DSS, SSAE 16, TIA 942 A, HIPAA / HITRUST (initial stage)
What is PCI (Payment Card Industry)?
PCI is a family of data security standards intended to secure the payment industry’s processing infrastructure.
• PCI DSS applies to any entity that processes, stores or transmits cardholder data
• A consistent global standard that applies to banks, merchants, service providers and gateways
• PCI DSS applies to CREDIT and DEBIT cards

Introduction to PCI DSS
• A joint effort of VISA International, MasterCard Worldwide, American Express, Discover Financial Services and JCB
• Managed by the PCI SSC on behalf of the card brands (Visa, MasterCard, AMEX, Discover and JCB)
• Current version of the standard is 3.1 (April 2015)
• Includes 12 security requirements (approx. 300+ sub-requirements)
• Grouped into six control objectives
ISOQAR product offering

Gap Assessment
A PCI DSS gap assessment, depending on the scope and size of the organization, will normally be conducted in 3 days of onsite assessment. The deliverables of the gap assessment include:
• Detailed requirement-wise gaps identified
• The assessor’s recommendations in line with PCI requirements
Time frame: 3 days onsite + 1 week of gap assessment report writing
Resources: 1 QSA + 1 Technical Consultant onsite; Consultant offsite for 4 / 5 days for report writing; QSA 2 days offsite for checking the report before releasing it to the client
In the case of large organizations like banks, service providers and BPOs with multiple sites / locations, the time frame can vary and so will the costing.

PCI DSS Audit and Certification
Time frame: 3 - 5 days onsite; 30 to 60 days of evidence collection; 2 to 3 weeks of report writing (ROC); 1 week of report QA and comments remediation
Resources: 1 QSA + 1 Technical Consultant onsite for 1 week (5 days); QSA 15 – 20 days offsite for checking evidence and writing the report before releasing it to QA; QA 3 to 5 days for queries; QSA 3 / 5 days for remediation of QA comments
Total time estimated from the date of audit till release of the ROC will be 60 to 90 days depending on the client’s urgency.
In the case of large organizations like banks, service providers and BPOs with multiple sites / locations, the time frame can vary and so will the costing.

Remediation / Implementation Support
In line with the gaps identified and the subsequent recommendations by the QSA, the ISOQAR technical team will assist the client with remediation support to become PCI DSS compliant.
Time frame may vary depending on the client’s urgency to get compliant and the gaps identified, i.e. 90 to 180 days.
Resources: 2 Technical Consultants offsite under QSA guidance
In the case of large organizations like banks, service providers and BPOs with multiple sites / locations, the time frame can vary and so will the costing.
Support services

Internal Vulnerability Assessments
• Why required? All PCI DSS certified companies will need these scan reports on a quarterly basis, as mandated by PCI.
• Costing: depending on the number of devices and IPs to be scanned
• Resources: 1 Technical Consultant onsite / offsite depending upon the requirement of the client

Penetration Tests
• Why required? All PCI DSS certified companies will need these test reports on a yearly basis, as mandated by PCI.
• Resources: 1 Technical Consultant onsite / offsite depending upon the requirement of the client

Annual Review of Policy / Procedures and Risk Assessment
• Why required? All PCI DSS certified companies will need this annual review of policy / procedures and risk assessment on a yearly basis, as mandated by PCI.
• Resources: an experienced resource in ISMS and PCI

PCI DSS implementation training
• Depending upon the client’s needs / as required, experienced consultants will offer 3 days of “PCI DSS Implementation Training” onsite / offsite.
Beyond Certification – embracing best practice standards
Approach going forward

Alcumus – Your Trusted Partner
bhargavu@isoqarindia.com
Inside Sales and Marketing
+91 9033083100