Payment Card Industry (PCI) Assessment

The IBM Internet Security Systems (ISS) Payment Card Industry (PCI) Assessment service helps you determine your level of compliance with PCI, as well as validate your adherence to PCI requirements. This service includes:

• Pre-assessment testing and remediation. A customized gap assessment is performed to determine your current level of compliance with specific requirements of PCI Standard compliance.
• Annual onsite PCI assessment with report on compliance (ROC). This report delivers a comprehensive evaluation of your information security program according to PCI specifications for networks, servers and databases involved in the transmission, storage and processing of credit card data.
• Quarterly scanning services. Delivered four times a year, these services deliver detailed assessment data and tactical recommendations for maintaining compliance with PCI requirements and industry best practices. Includes a vulnerability assessment to help ensure and validate that proper security precautions are in place.
• Penetration testing. Demonstrates a real-life network attack to determine current vulnerabilities and analyze how attackers could significantly impact your business.
• Application security assessment for payment application providers. Validates credit card payment applications. As a Qualified Payment Application Security Company (QPASC), IBM ISS has met the requirements to perform these assessments.

PCI compliance from the experts
As one of the only vendors in the world certified to perform all PCI assessment services globally, IBM ISS can help guide you through the entire PCI compliance process. No matter where you are in the process, IBM ISS can help. IBM ISS can help you achieve compliance and even gain efficiencies in maintaining compliance. Our qualifications include:

• Qualified Security Assessor (QSA)
• Approved Scanning Vendor (ASV)
• Qualified Payment Application Security Company (QPASC)

Our security assessments are conducted by experts with in-depth experience in market and compliance requirements, and supported by intelligence derived from the IBM X-Force® research team, a world leader in security research and development.

A comprehensive PCI solution
IBM is the only vendor with solutions to address all 12 PCI requirements. This comprehensive set of solutions includes hardware and software products, as well as services, to help your organization meet the PCI requirements. These solutions can be scaled to meet your needs, whether you require a single IPS appliance or a full range of assessment and remediation services and software products.