alcumus isoqar pcidss compliance presentation
• Innovators: Continuous development to better support our customers
• Experienced: We’ve been adding value for over 35 years
• We deliver: our customers stay with us (95%+ retention rates)
Alcumus – a true market leader
5000+ customers and 30% of FTSE 100
• Have confidence in working with Alcumus
The market-leading provider of technology-enabled compliance risk management and certification services
Alcumus ISOQAR – key stats
• 6th position in the UK certification market
• Fastest-growing UK certification body
• Deliver more than 10,000 audit days per year
• £8.2M revenue
• Auditing against more than 25 generic and sector-specific standards
• 35% contribution to overall Alcumus revenues
• Network of 300+ IAN consultants
• Overseas network of 7 critical locations servicing 2500 international clients
• 13% y-o-y growth
• 55 auditors, 36 contractors, 35-strong office-based team
• Extensive range of solutions and services
Alcumus overview
Service areas: COSHH, Software, Training, Certification, HR, Health & Safety, Contractor Verification
• Leading compliance software: used by 30% of FTSE 100 companies
• Leading UKAS certification body: the fastest growing in the UK (60+ auditors)
• A clear leader in H&S management: nationwide coverage (60+ consultants); No. 1 for COSHH solutions (20+ specialists)
• Leading property compliance: most leading managing agents use us
• Leading HR solutions provider: delivering services for over 30 years
• Leading training provider (IRCA, IOSH, NEBOSH)
• Some of our customers
Alcumus overview
Sectors served: Construction, Manufacturing, Engineering, Oil & Gas, Healthcare, Retail / Property, Public Sector, Transport & Logistics
Our References
ISOQAR India references:
• Emerson
• Knight Frank
• SBI
• Getronics
• SERCO
• Intelenet
• Sparsh
• JW Thompson
• HITACHI
• France Telecom-Orange
• ISS
• Sanofi Aventis
• Prometric
• R Systems International / Indus
• SunTec
• ARANCA
• ZENSAR
• Reliance Industries
• Pfizer
• Toyo
• Alexander Mann
• Diageo
• Heineken
• Ministry of National Guard Health Affairs - KSA
• Al Qassim Municipality
• Al Imam University - KSA
• UAE Exchange
• Qatar University
• Banque Saudi Fransi
• Cloud Pay
• Getronics
ISOQAR is part of the Alcumus Group, a multi-discipline provider of risk management, compliance and certification services, operating throughout the UK and via a network of operations globally.
For over 20 years, we have assisted thousands of businesses of all shapes and sizes to create competitive advantage.
Why choose ISOQAR?
• Technical capability - our expert auditors' industry experience is matched to your organisation's activities, enabling you to get the most out of your assessment.
• The ALCUMUS ISOQAR brand - our reputation for integrity and approachability means that we offer a consistent and professional service, resulting in a practical and meaningful audit experience.
• Global reach - besides having auditors located throughout the UK, we also have the capability to deliver certification audits internationally.
• Rapid response - we specialise in providing audits and answering queries quickly and efficiently.
“A simplistic & direct approach to auditing that was appropriate to our industry”
What is PCI (Payment Card Industry)
• PCI is a family of data security standards intended to secure the processing infrastructure of the payment industry.
• PCI DSS applies to any entity that processes, stores or transmits cardholder data.
• It is a consistent global standard that applies to banks, merchants, service providers and gateways.
• PCI DSS applies to both CREDIT and DEBIT cards.
Introduction to PCI DSS
• Joint effort of VISA International, MasterCard Worldwide, American Express, Discover Financial Services and JCB
• Managed by the PCI SSC on behalf of the Card Brands (Visa, MasterCard, AMEX, Discover and JCB)
• Current version of the standard is 3.1 (April 2015)
• Includes 12 security requirements (approx. 300+ sub-requirements)
• Grouped into six control objectives
Gap Assessment
A PCI DSS gap assessment, depending on the scope and size of the organization, will normally be conducted in 3 days of onsite assessment.
The deliverables of the gap assessment will include: detailed requirement-wise gaps identified, and the assessor's recommendations in line with PCI requirements.
Time frame: 3 days onsite + 1 week of gap assessment report writing.
Resources:
• 1 QSA + 1 Technical Consultant onsite
• Consultant offsite for 4/5 days for report writing
• QSA 2 days offsite for checking the report before releasing it to the client
In the case of large organizations like banks, service providers and BPOs with multiple sites/locations, the time frame can vary and so will the costing.
PCI DSS Audit and Certification
Time frame:
• 3 to 5 days onsite
• 30 to 60 days of evidence collection
• 2 to 3 weeks of report writing (ROC)
• 1 week of report QA and comments remediation
Resources:
• 1 QSA + 1 Technical Consultant onsite for 1 week (5 days)
• QSA 15 to 20 days offsite for checking evidence and writing the report before releasing it to QA
• QA 3 to 5 days for queries
• QSA 3/5 days for remediation of QA comments
Total time estimated from the date of audit until release of the ROC will be 60 to 90 days, depending on the client's urgency.
In the case of large organizations like banks, service providers and BPOs with multiple sites/locations, the time frame can vary and so will the costing.
Remediation / Implementation Support
In line with the gaps identified and the subsequent recommendations by the QSA, the ISOQAR technical team will assist the client with remediation support to become PCI DSS compliant.
Time frame may vary depending on the client's urgency to get compliant and the gaps identified, i.e. 90 to 180 days.
Resources: 2 Technical Consultants offsite under QSA guidance
In the case of large organizations like banks, service providers and BPOs with multiple sites/locations, the time frame can vary and so will the costing.
Support services
Internal Vulnerability Assessments
• Why required?
• All PCI DSS certified companies will need these scan reports on a quarterly basis as mandated by PCI.
• Costing: depends on the number of devices and IPs to be scanned
• Resources: 1 Technical Consultant onsite / offsite depending upon the requirement of the client.
Penetration Tests
• Why required?
• All PCI DSS certified companies will need these test reports on a yearly basis as mandated by PCI.
• Resources: 1 Technical Consultant onsite / offsite depending upon the requirement of the client.
Annual Review of Policy / Procedures and Risk Assessment
• Why required?
• All PCI DSS certified companies will need this Annual Review of Policy / Procedures and Risk Assessment on a yearly basis as mandated by PCI.
• Resources: an experienced resource in ISMS and PCI
PCI DSS implementation training
• Depending upon the client's needs / as required, experienced consultants will offer 3 days of “PCI DSS Implementation Training” onsite / offsite.
Alcumus – Your Trusted Partner
[email protected]
Sales and Marketing: +91 9033083100