Services

 

Why Service Providers Require PCI DSS Services

The solutions offered by service providers often improve or remove their clients’ requirements for in-house payment technology, or provide real-time processing at various key stages during the flow of transactions, allowing their merchants to concentrate on their front-room business.

By the very nature of this business, they must often store, process or transmit large quantities of credit card details. With so much credit card information flowing through their systems, it is vital that high levels of information security are maintained. Gaining PCI DSS compliance is increasingly a business driver. PCI DSS compliant service providers are advertised as certified organisations on the payment scheme websites, demonstrating to both their clients and potential clients that their transaction services are secure.

Services offered
For service providers, Sysnet offers a complete service to validate compliance with the PCI Data Security Standard.
We follow a simple three-step methodology to assist service providers in gaining compliance. Note: the following information is a snapshot overview of Sysnet’s methodology. More detailed information about Sysnet’s methodology is available on request.
Step 1. Gap Analysis against the PCI DSS
The purpose of the gap analysis is to examine your organisation’s current level of information security in relation to the requirements of the PCI DSS. The deliverable of step 1 is a gap analysis report divided into twelve sections representing each of the twelve sections in the PCI DSS. For each section, the report will identify where current controls within your organisation meet the PCI DSS and also highlight where existing controls fall short of the PCI DSS. The gap analysis report will also present recommendations and available solutions for any non-compliant issues your organisation might face. Following delivery of the gap analysis report, Sysnet holds a workshop with your organisation to present and discuss the findings, and then produces a detailed implementation plan setting out the agreed requirements going forward.
Step 2. Supervised Implementation Work
The implementation work involves following the agreed implementation plan and closing the gaps discovered during the gap analysis step of the project. Commonly this involves producing missing documentation and procedures and installing IT security technologies to meet the specific requirements of the PCI DSS. However, as part of the service, Sysnet certified information security professionals will be available at all times to offer advice and to review any information security procedures or documentation that is produced for PCI DSS purposes. If required, Sysnet can recommend relevant technologies or solutions for specific PCI related requirements. Additionally, where suitable, Sysnet can provide template policy and procedural documentation that you can edit to suit the specific requirements of your organisation, saving time and additional expense.
Step 3. Official Audit and PCI DSS sign-off
The official PCI DSS audit involves a Sysnet Qualified Security Assessor (QSAP) examining your organisation’s information security controls in detail against each section of the PCI DSS. Following the audit, Sysnet provides full documentation of the audit, including an official Sysnet report recommending PCI compliance. To conclude, Sysnet will report to the relevant Payment Schemes to verify your certification and ensure your organisation is listed on all relevant websites. As a confirmation of PCI compliance, Sysnet will award your organisation an official Sysnet secured compliance certificate and a logo that can be displayed on your website.

 

Copyright 2008 SysXnet