Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
PCI Consulting Expertise That Streamlines Compliance Efforts
PCI DSS v4.0
If your organization accepts, stores or transmits cardholder data (CHD), it must comply with the PCI DSS standard. This requires annual validation/proof by most merchant processors and is a way of demonstrating that your environment is secure. Based on the number of card transactions you complete annually, you’ll need a self-assessment questionnaire OR an independent onsite audit. As standards and requirements evolve, maintaining compliance and performing assessments can become a yearly struggle.
PCI DSS Level 1 Merchant
Requires a Report on Compliance (ROC), completed by a Qualified Security Assessor (QSA) after a PCI DSS audit
PCI DSS Level 2 Merchant
Requires a Report on Compliance (ROC) OR appropriate Self-Assessment Questionnaire (SAQ) – there are nine different versions; the way your business handles payment card data determines the one you need
PCI DSS Level 3 Merchant
Requires appropriate Self-Assessment Questionnaire (SAQ)
Depending on your organization’s merchant level status (1, 2 or 3), PCI DSS Certification may be required by the PCI Council. Organizations need compliance management teams with significant PCI experience but finding staff with the requisite expertise can be daunting.
PCI Compliance is about to get even more complicated. Why? PCI DSS 4.0 brings even tighter controls, customized implementation, authentication, encryption and testing frequency.
End of March 2022
PCI DSS 4.0 goes live
QSAs can begin performing 4.0 assessments
PCI DSS v3.2.1 will be retired and no longer be compliance standard
Q3 2022 - Q4 2024
Implementation windows for all “evolving” controls
All “evolving” controls become mandatory
* Indicates the requirement is an “evolving requirement” mandatory in 2025
PCI DSS v4.0 introduces many industry-aligning requirements and new technical controls not seen in previous versions of the standard.
Addressing the unknown by identification of missing or under-addressed controls
Planning of scope reduction strategies and PCI compliance roadmaps
Assistance with remediation planning and execution
QSA experts to complete annual onsite assessments for SAQ, ROC and ROVs
For assistance meeting all the PCI DSS v4.0 requirements, contact us.
PCI DSS consulting services from Optiv can help minimize the cost and complexity of building, implementing and managing a PCI DSS program. We’re an extension of your onsite compliance team: pass critical and resource-intensive tasks to our team of PCI DSS experts. We’ll minimize the burden of PCI DSS compliance while aligning security requirements, technology and business goals to manage risk cost-effectively.
PCI DSS Consulting with Optiv
Turn your compliance efforts into a competitive advantage, improve decision-making, enhance agility and leverage business insights.
Our PCI DSS consulting services are part of our broader enterprise risk and compliance offerings that include services for standards and frameworks such as HIPAA, CCPA, GDPR, Sarbanes-Oxley, NIST CSF, ISO27001/2, cloud security compliance and more.
Through executive workshops, readiness reviews and a PCI risk assessment we will help your team be prepared for PCI compliance attestations certification.
Implementing remediation plans or PCI compliance strategies can take time. Clients often find it challenging to navigate through change windows, resource time and having the right tool to ensure compliance. PCI IT governance programs aid in compliance policies, procedures and maintenance schedules to ensure PCI compliance throughout the year and preparation for compliance assessments.
A robust program with reporting necessary for PCI annual compliance assessments, ASV scanning, application assessments and PCI penetration testing, and staff augmentation with expert QSAs.
Keeping pace with Payment Card Industry Data Security Standard (PCI DSS) compliance will require clients to follow daily, weekly, monthly, quarterly, semi-annual and annual maintenance procedures. PCI DSS has approximately 500 controls which the client will need to prove they meet each year. Optiv offers several services to help our customers meet their PCI compliance challenges.
Finding Gaps and Identifying Steps to PCI Compliance
An online service’s website needed a thorough review of its overall security environment to help ensure that it was compliant with PCI standards in preparation for future audits. See how the company worked with Optiv to review its current environment, help identify gaps and deficiencies and provide recommendations for remediation in this infographic. Learn more.
Achieving PCI Compliance and Protecting Customer Data
A restaurant chain collecting customer data with point-of-sale (POS) systems at more than 200 locations experienced a breach and needed to remediate for PCI compliance. Though their connection to the primary data center was secure, several POS systems were compromised with data-stealing malware. Read about how the company worked with Optiv to protect its network. Learn more.
PCI DSS is complicated. With Optiv’s PCI DSS Advisory Services, you’ll get the expertise and the confidence to:
PCI Compliance eBook
How’s your PCI program running? Is your PCI DSS compliance a yearly struggle? Go beyond checking boxes. Get some best practices for remediation, environment assessments, reporting and ongoing management.
PCI Compliance Checklist
With the security and regulatory landscape constantly changing, your organization could lack visibility into your PCI environment, leading to inaccurate scope and unidentified risk. Are you moving to the cloud or increasing reliance on third parties with limited staff experience? Constant regulatory changes contribute to gaps in PCI compliance management. Get a checklist of things to consider when reviewing or looking to implement a PCI program.
Secure Payment Lifecycle White Paper
Optiv encourages you to think beyond a PCI checklist and embrace a unique, holistic secure payment approach. Leveraging existing PCI compliance foundations and technology investments while incorporating leading cybersecurity best practices enables you to build a secure payment lifecycle. In addition to innately gaining compliance, SecurePayment@Optiv enables merchants to address consumer experience, data privacy and business-wide data protection challenges.
April 12, 2022
Our PCI Advisory Services can build around your specific context, helping you to untangle competing requirements from multiple regulations.
April 26, 2022
PCI DSS v4.0 permits the traditional method and a new customized approach. Organizations should consider which best suits their requirements.
The new Payment Card Industry Data Security Standard – version 4.0 – has been released. This post explores the details of the new standard.
April 05, 2022
Some companies should update to PCI DSS v4.0 now, while others should wait. This post features helpful details and advice on how to begin preparing.