The Route to Certification

The route to certification comprises a number of stages, typically:

Gap Analysis

Teamwork will review the current situation against PCI DSS to identify to what extent existing controls, policies and business processes are effectively implemented and what gaps are present and need to be addressed. A detailed report identifies clearly what needs to be done and by whom, with appropriate timescales and recommendations for resources.

Compliance Programme Management

Following Gap Analysis, we prepare a list of actions to be taken. Once these are agreed, we project manage the entire compliance programme for you, driving the implementation programme activities to ensure successful outcomes. This includes working with you, providing expert technical advice and guidance on information security management issues, and producing key deliverables such as new policies and procedures, or the implementation or configuration of necessary technology.

Penetration Testing and Scanning (ASV) Services

Teamwork offers Penetration Testing and Approved Scanning Vendor (ASV) services. We provide strong security assessment and systems assurance services and are able to deliver high-quality feedback about your vulnerabilities and exposures. Both ASV and Penetration Testing services are consultancy-led. This means that we can eliminate any false positives and ensure that any testing assignment is fully structured to your business requirements.

Assessment

Teamwork QSAs will carry out compliance audits (and pre-audits) to produce Reports on Compliance (ROCs) or Self-Assessment Questionnaires (SAQs) and to complete the necessary Attestation of Compliance (AOC). Where non-compliances are identified, Teamwork will assist with remedial action planning as necessary to help you achieve a compliant status in the most straightforward way possible.

Maintaining Compliance

Once compliance with the PCI DSS has been achieved, Teamwork can provide consultancy services under a managed service contract to help your organisation continue to comply with the requirements. Teamwork can outsource activities such as log or device configuration reviews and can assist with regular auditing to ensure documentation and processes remain up to date and effective. We can manage your regular mandatory activities, including penetration testing and vulnerability scanning. With a well-managed and maintained system, recertification becomes straightforward.