We offer a wide range of services related to PCI DSS

We, NTT DATA INTELLILINK Corporation, are both a "security specialist" and a "certified audit organization". From audits based on the original PCI DSS framework through to the latest version 4.0, we provide optimal proposals for each client, from "consulting" and "solutions" to "accreditation audits" and "maintenance support."

Three Strengths of NTT DATA INTELLILINK

Image of Total Three Services

Trust us for any work concerning PCI DSS!

Our experienced team of professionals, including expert QSAs, provides consistent support throughout the four processes.

"Consulting" - Understanding the status and formulating a plan

Through our PCI DSS compliance support consulting service, we provide total support from planning to final confirmation before audit by leveraging our experience and know-how of on-site PCI DSS audits as a QSA. This helps our clients comply appropriately with the requirements of PCI DSS by following an optimal plan. Of course, we also provide partial services.

Details of Consulting Services

Compliance planning support
  • Support for overall planning based on the current staffing plans, development/operation status, system upgrades, budgets, etc.
Gap Analysis
  • Assessing the current status and identifying areas of non-compliance with PCI DSS using the same methods and points as for the main audit
  • Conducting Gap Analysis focusing on requirements added or changed in Version 4.0
Test
  • Web application diagnostics
    Vulnerability assessment and problem identification for public web applications
  • Wireless Scanning
    Identification testing of wireless devices from wireless analyzers and internal networks
  • Vulnerability Scanning
    Internal and external network vulnerability scanning
  • Penetration Test
    Penetration testing is performed at both the network and application layers. We conduct simulated attacks to comprehensively identify weaknesses that cannot be found by vulnerability scans.
Assistance in formulating corrective action plans
  • When a corrective action plan is to be developed for the areas of non-compliance identified in the gap analysis, we evaluate whether the corrective measures are appropriate, insufficient or excessive
Evaluation of implemented countermeasures
  • We check whether the measures have been implemented as planned

Improvement actions "Solutions"

We offer various solutions to address the issues identified in gap analysis and testing of systems.

Details of solutions service

Solution Diagram for PCI DSS Objectives and Challenges

Examination and reporting for "Accreditation Audits"

As a QSA, we conduct the on-site audits required to verify compliance with PCI DSS.
We offer maintenance support service wherein we check the daily compliance status and assist in early detection and resolution of problems.

Details of accreditation audit service

Final assessment
  • Verification of scope
    Verifying the scope of the on-site PCI DSS audit by understanding the network diagram and the nature of your business
  • Interview
    Oral question-and-answer sessions to understand your business and verify compliance with PCI DSS requirements
  • Document verification
    Verification of documented procedures, standard documents, policy documents, records on the system, various control books, etc.
  • Examination of equipment configuration
    Visual on-screen confirmation of settings for servers, network devices, etc.
  • Observation
    On-site inspection of facilities and operational processes for system development, operations, business locations and data centers
  • Report submission
    We prepare and submit the audit results, which contain a record of the items confirmed throughout the audit, in accordance with the format prescribed by the PCI SSC. We issue a signed Attestation of Compliance (AOC).
Post-audit support
  • If non-conformities are found in the audit, we assess the status of corrective actions taken and reflect the same in the report
Certificate issued
- Option -

We offer a "preliminary examination" to prepare for the main examination, a "debriefing session" after the main examination, and an optional "re-examination" in the unlikely event that the applicant fails the main examination.
We also provide "PCI PIN Security Compliance Support Services" for the secure management, processing, and transmission of PINs for payment transactions required at ATMs and POS machines and "P2PE Compliance Support Services" for P2PE solution providers and P2PE application vendors.

"Maintenance Assistance" under post-audit support

Even after compliance with PCI DSS is confirmed, it is not easy to maintain compliance as daily operations, system specifications, personnel, and many other things change.
Compliance needs to be reviewed once each year. In maintenance support, we conduct routine tests and gap analysis, respond to queries, and provide updates to help ensure that compliance is properly maintained and problems, if any, are identified and resolved as early as possible.

Details of maintenance support service

Routine testing
  • We conduct all routine tests (vulnerability scan, penetration test, wireless scan) required by PCI DSS.
Routine gap analysis
  • We conduct interviews and document review to identify actions that need to be implemented periodically to maintain PCI DSS compliance.
    Change control records, account management records, training implementation records, various system logs, etc.
Responding to queries
  • QSAs answer questions and queries concerning PCI DSS compliance via email or web conference.
Provision of information
  • We provide information on industry trends, such as updates to PCI DSS, revisions to related laws, and information on various international brands.

Related Information

Training

We also handle training related to PCI DSS.


* These products or services are only available in Japan.
