Phyonis Limited

InfoSec, Data Protection and PCI Consultancy — Private Tuition in Maths and Physics

Payment Card Industry (PCI) Expertise

Services include:

Gap Analyses – Reviewing business systems and organisational processes for compliance with the PCI Data Security Standard (DSS) mandatory requirements and identifying non-compliant gaps and weaknesses.

Gap Treatment Plan – Planning remediation activities and projects to bring businesses into compliance, making use of the PCI prioritised approach.

Liaison with Acquirers and Card Brands – Advising, supporting and leading regular reporting, communications and presentations on behalf of clients.

Risk Assessments – Conducting detailed cyber security risk assessments in relation to payment card data processing, storage and transmission.

Information Security Policies and Procedures – Formulating and documenting enterprise security policies (including baseline security controls) and procedures which harmonise with the mandatory requirements of the PCI DSS.

Mapping Business Processes – Analysing and documenting processes which relate to the acceptance, processing, storage and transmission of payment card data.

Security Architecture of PCI Systems, Applications and Infrastructure – Reviewing proposed architectural solutions to PCI DSS challenges.

Requirements and High-level Design of PCI Systems – Providing strategic advice on the design of systems that store, process and / or transmit payment card data.

Hands-on PCI Readiness Audits – Conducting PCI readiness audits and providing training on how to respond to formal PCI audits.

PCI Awareness Training – Giving presentations and delivering personal training, mentoring and coaching in all aspects of PCI DSS compliance.

Third-Party Evaluations – Reviewing and assessing the security position of third-party providers in the payment card processing supply chain.

Evaluating Supplier Tooling – Assessing the merits, worth and cost-effectiveness of various PCI tools and systems. For example: payment card search tools, security event monitoring, logging and alerting tools and systems.

Design and Implementation of Compensating Controls – Designing and establishing appropriate compensating controls to meet compliance targets wherever strict adherence to PCI mandatory requirements cannot be fully achieved.

Security Incident Management – Acting as a key member of the incident management team, drawing upon a wide variety of organisational expertise (e.g. physical security, access controls, monitoring, data protection, legal and communications teams).
