PCI Compliance

With one of the longest-running PCI compliance practices in the industry, Drummond is ready to help you protect payment card data and ensure compliance. We offer a comprehensive range of PCI services, as well as advanced cybersecurity services, using proven methodologies to ensure your long-term success.

PCI DSS Assessment

The Payment Card Industry (PCI) Security Standards Council (SSC) is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of PCI Security Standards, including the Data Security Standard (DSS) and Payment Application Data Security Standard (PA-DSS) requirements. The PCI DSS was developed to encourage and enhance cardholder data security and facilitate broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data, and applies to all organizations that store, process or transmit cardholder data.

The PCI Assessment consists of a PCI SSC Qualified Security Assessor (QSA) conducting onsite validation of an organization’s cardholder data environment for compliance with PCI DSS requirements. Drummond QSAs work with your organization to understand your cardholder data environment, determine the scope of the assessment, and select samples. During the assessment, we will conduct onsite validation that includes examining configuration settings and functionality of the selected sample of system components, observing processes, collecting evidence, validating physical security controls, conducting interviews with employees, and more. Offsite validation includes review of documentation, including policies and procedures, relevant records, review of submitted evidence, and remediation validation if applicable.

At the end of the assessment, Drummond will provide an open item list that details requirements found to be out of compliance and actions needed in order to remediate. When all requirements are considered compliant, Drummond will deliver a Report on Compliance (ROC) and Attestation of Compliance (AOC).

PCI DSS Gap Analysis

The PCI DSS Gap Analysis is for organizations that want to identify gaps in PCI compliance prior to undertaking an assessment. During a detailed Gap Analysis, Drummond QSAs will collaborate with and guide your team towards identifying actions needed to remediate and meet compliance in a process including interviews, policy review, and evidence validation. The PCI Gap Analysis report will document identified gaps and immediate action items, as well as recommendations for closing each gap. Taking a prioritized approach on closing these gaps, your organization can be better prepared for the PCI assessment and simplify your remediation efforts.

PCI SAQ Validation & Advisory

The PCI Self-Assessment Questionnaire (SAQ) is used by small merchants and service providers that are not required to submit a Report on Compliance. The SAQ is designed as a self-validation tool to assess security for cardholder data. Drummond QSAs can assist you with understanding your scope, validating policies, processes, system configurations, and required evidence. We can also provide our expert guidance on answering the questions in the SAQ to ensure you are properly complying with the requirements and can be confident in the submission of your SAQ.

PA-DSS Assessment

PA-DSS is for Payment Application (PA) vendors that sell and distribute payment applications for the purpose of authorization and settlement to more than one customer, and that need their applications validated as PA-DSS compliant. Drummond PA-QSAs work with payment application vendor personnel such as product managers, developers, QA, technical support, and senior management, to identify the scope of the assessment and understand payment, security, and other functions impacting PA-DSS. During the assessment, Drummond PA-QSAs install the payment application in a PCI-compliant lab and test and validate the payment application. Further, Drummond can perform Change Analysis and eligible PA-DSS Delta Assessments for changes to payment application versions previously validated by Drummond.

PCI DSS Continuous Compliance

PCI DSS Continuous Compliance is for organizations looking for assistance in planning, developing, managing, maintaining, and assessing PCI compliance throughout the calendar year. Annual PCI assessments are often very disruptive to business operations due to the amount of effort and human hours required to prepare and address issues and non-compliant findings. In order to minimize business interruptions and associated ‘fire drills’ often created during annual PCI assessments, Drummond has created its Continuous Compliance approach to assist with PCI compliance. Drummond QSAs will provide subject matter expertise in consultation, implementation, and assessment of the cardholder data environment. The program includes monthly, quarterly, semi-annual, and annual validation touch points to ensure that the organization addresses all requirements and maintains PCI compliance throughout the year.

This initiative is intended to greatly reduce the number of open items requiring remediation and to ensure that the organization is prepared for its annual assessment. Drummond’s Continuous Compliance consulting offers subject matter expertise, guidance, and recommendations for meeting PCI or PA-DSS compliance. Drummond QSAs will work with you to understand the environment and identify what is in PCI scope. From there, QSAs can make recommendations on scope reduction, counsel on policy and procedure requirements, make recommendations on how to implement technology in a compliant manner, and guide on personnel and process compliance matters.

PCI Consulting (Block Time)

Drummond also offers PCI consulting, providing subject matter expertise, guidance, and recommendations for meeting PCI or PA-DSS compliance. Drummond QSAs will work with you to understand the environment, and identify what is in scope. From there, QSAs can make recommendations on scope reduction, counsel on policy and procedure requirements, make recommendations on how to implement technology in a compliant manner, and guide on personnel and process compliance matters.

The People of Drummond
are here to help!
