Audit and Compliance

To assist with your individual compliance and regulatory requirements, NGS Secure & Meridian can provide you with independent, professional audit & compliance advice and services to help ensure your organisation is operating efficiently, effectively and securely.

PCI DSS & PA-DSS

PCI DSS is a set of technical, procedural and physical security control requirements for organisations processing credit and debit card transactions. The standard was designed to protect consumer data by ensuring all organisations securely store, transmit and process customer data to prevent theft or loss. All organisations that electronically hold, transmit or process credit card information, regardless of how that information was acquired, need to comply with the standard.

PA-DSS applies to any organisation which develops payment applications that store, process or transmit cardholder data as part of authorisation or settlement where these payment applications are sold or distributed by third parties. Payment software vendors need to comply with the requirements of PA-DSS in order for merchants to use their products to process credit card transactions.

As a Qualified Security Assessor (QSA) for PCI DSS and PA-DSS, and a PCI Approved Scanning Vendor (ASV), we are ideally placed to help you achieve and maintain either level of compliance.

ISO 27001

ISO 27001 is the information security standard that is the benchmark for global best practice. Having achieved the certification ourselves, we know the certification process well. This means that, not only do we practise what we preach, but we also have invaluable experience of what is required to bring an organisation into line with an internationally accepted security standard – from the organisation’s perspective, not simply as advisors.

Our lead auditors will guide you through the necessary processes and paperwork and carry out pre-audit reviews to ensure all involved are confident before the final certification audit. We also work closely with you to define information security policies and procedures and to conduct awareness programmes.

Financial Compliance Services

When manufacturing and/or personalising payment cards, security is paramount. Any failings in your systems could compromise that security with potentially catastrophic results for your business.

With many years' experience of working with operations across the globe, our experienced team can be on site with you, wherever you are in the world, to guarantee that your security measures are both compliant and secure. As a service provider to both MasterCard and Visa, we provide industry respected advice on all areas of logical and physical security audits for Payment Card Scheme Certification. We have a reputation for providing the very best service, and we will make sure that your reputation matches ours.

Payment Card Certification Audits

To gain payment scheme certification you will need to be able to demonstrate compliance with the following areas of the Payment Card Scheme's requirements.

    Physical Security

    • External & Internal Facility Security
    • Physical Locks/Keys
    • CCTV Systems
    • Access Procedures & Policies
    • Security Devices
    • Physical Card Access System
    • High Secure Area
    • Duress Button & Intruder Alarms  

    Logical Security

    • Roles and Responsibilities
    • Security Management System
    • IT Software & Hardware Security
    • Risk Management & Incident Reporting
    • Data Access Authorisation & Maintenance
    • Network Security
    • Data Security
    • Key Management

Over The Air Audits

Already proving popular in many markets, OTA (Over The Air) transactions are set to form a big part of the future of the technology and finance industry. Both MasterCard and Visa have launched OTA provisioning, enabling issuers to personalise their cardholders’ mobile devices in a one-step process. Those mobile devices can then be used to perform payment transactions at merchant locations with enabled contactless Point of Sale terminals. We offer initial and re-certification audits to those companies wishing to take advantage of this new market and to provide OTA provisioning.

 

Compliance Frameworks

Integrated Audits

We operate in a world where verification of best practice is becoming more and more important. This means that organisations find themselves under increasing commercial pressure to hold multiple certifications, which often means more internal and external audits and the associated financial and time costs. We aim to assist clients in reducing this burden by harmonising internal audits and reducing duplication within our clients’ management systems and compliance processes. We can also assist with implementation of objectives in line with clients’ overall compliance and certification strategy.

Regulatory Compliance (DPA, FSA, Basel II)

Compliance demands on organisations have increased in recent years, and that’s why a systematic and strategic approach is now fundamental to long-term business success. To assist organisations in complying with the Data Protection Act (DPA), FSA and Basel II, we can provide independent, professional advice to help ensure your organisation is operating efficiently, effectively and securely.

GCSx Code of Connection (CoCo)

The Government Connect Secure Extranet (GCSx) is a key enabler in the drive to transform services via solutions that provide secure communication capabilities. Local authorities plan to join this community and to deliver secure electronic services to the public. In order to assure the integrity of the network, the GCSx CoCo requires penetration testing and suggests vulnerability scanning as part of an IT HealthCHECK. Using our extensive experience of working with Government secure networks such as GCSx, GSx, GSi and GCJx, and as a CHECK accredited tester, our IT HealthCHECKs provide valuable information on the risks of the IT assets and how they are being managed.

To find out more:

Visit www.ngssecure.com or www.msiaudit.com

Call +44 (0) 161 209 5111 or +44 (0) 161 209 5170