Retail / Commerce
Solutions designed to meet the ever-changing Retail/Commerce security & compliance landscape.
Navigating the Payment Card Industry
Whether you are new to the PCI DSS process, need help completing a Self-Assessment Questionnaire (SAQ) or are required to go through a third-party audit, Contextual Security Solutions is your trusted partner.
Since 2012, Contextual Security Solutions has been a PCI Qualified Security Assessor Company (QSAC) recognized by the PCI Security Standards Council. We provide a full suite of services to assist our clients in meeting and maintaining PCI compliance at all levels. Our Qualified Security Assessors (QSAs), who are all dedicated internal employees (never subcontracted), have extensive experience working with organizations of all sizes. Our clients include large retailers, ecommerce organizations, service providers, energy cooperatives and others.
Services and Solutions Specific to Your Industry
PCI DSS Gap Analysis (ROCs & SAQs)
Self-Assessing? Preparing for a Third-Party Audit?
Maybe you have no idea what “Level 1” means. Maybe you have just gotten a letter from your acquiring bank telling you that you need to fill out a SAQ. Maybe you aren’t really sure where your cardholder data is, let alone how to be compliant with the PCI DSS. For all of these and more, our PCI DSS Gap Analysis engagement is focused on helping customers find out where they stand, what their scope is, and what separates them from a compliant status.
Our reports go deeper than the competition, giving you a clear picture not only of what your gap to compliance looks like, but also of how to prioritize and break down the work of closing it.
Working in verticals from energy to e-commerce, retail, grocery and more, we can help you establish an excellent foundation of compliance, and partner with you on the journey toward a safer and more compliant organization.
Level 1 Third-Party Audits and Attestation
Experience Matters
For over a decade (since 2012) we've helped organizations meet their third-party PCI DSS reporting requirements (ROCs and AOCs). In addition to maintaining a solid understanding of the ever-evolving Payment Card Industry Data Security Standard (PCI DSS), now on Version 4.0, our QSAs all have strong technical backgrounds in network architecture and cyber security. So, whether it's a question about how your organization's Interactive Voice Response (IVR) system affects the scope of your cardholder data environment (CDE), what the most effective way is to meet the segmentation testing requirements in Requirement 11, or what level of detail is required to meet the policy and procedure requirements found throughout the PCI DSS, you'll have a team of experts ready to help your organization with its unique needs.
PERIGON360 | Remote Site Reports
PERIGON360: Compliance Engine
Our Perigon360 platform gives customers visibility into key audit statuses, metrics, and controls, allowing insight into the dynamics of the report status. Meaningful charts and graphs give you the information you need to be informed on your project status and answer questions that plague clients on every yearly audit.
Remote Site Reporting (RSRs)
Do you ever wonder how your remote locations figure into your compliance journey? We don’t wonder, we find out, and we have a way to represent each of these locations and their compliance elements, with trends, in our Location Audit Report. Whether it’s Wi-Fi standards, card processing terminals, or door locks and cameras, we identify your points of defense and areas of weakness, and make connections based on trends. Audit history shows year-over-year improvement with tailored results based on your vertical.
Security Tasks Cadence - Retail Industry
Solidify your information security program through the consistent execution of applicable security & compliance tasks.
PCI DSS 4.0 includes a number of tasks that are required to be performed on a defined cadence. Depending on the scope of your organization's cardholder data environment (CDE), some or all of the following must be performed:
PCI DSS Tasks to be performed at least Quarterly
Wireless Access Testing | Testing, detection, and identification of authorized and unauthorized wireless access points occurs at least once every three months.
Internal Vulnerability Scans | Internal vulnerability scans are performed at least every three months.
External Vulnerability Scans | External vulnerability scans are performed at least every three months.
PCI DSS Tasks to be performed at least every Six Months
Firewall Configuration Review | Configurations of network security controls (NSCs) are reviewed at least once every six months to confirm they are relevant and effective.
PCI DSS Tasks to be performed at least Annually
Penetration Testing | External and internal penetration testing is regularly performed, and exploitable vulnerabilities and security weaknesses are corrected.
Segmentation Testing | If segmentation is used to isolate the CDE from other networks, penetration tests are performed on segmentation controls at least once every 12 months and after any changes to segmentation controls/methods.
Risk Assessment | Risks to the cardholder data environment are formally identified, evaluated, and managed.
Security Awareness Training | Security awareness education is an ongoing activity.
Incident Response Training and Plan Review | At least once every 12 months, the security incident response plan is reviewed and the content is updated as needed and tested, including all elements in Requirement 12.10.1.
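As an added illustration of how a compliance team can keep the cadence above on a calendar, the following Python script (example code written for this page, not part of Perigon360 or any Contextual Security Solutions tooling) encodes each task's maximum interval in calendar months, flags tasks that are overdue, approaching their due date, or never performed, and treats segmentation testing as also being triggered by a change to segmentation controls. The task keys, the 30-day warning window, the event name `segmentation_control_change` and all dates are constructed assumptions.

```python
"""Cadence tracker for the recurring PCI DSS 4.0 tasks listed above.

Added example; the task keys, the month intervals (encoded from the page's
"three months", "six months" and "12 months" wording), the 30-day warning
window and all sample dates below are constructed assumptions.
"""
import calendar
from datetime import date

# Maximum interval, in calendar months, between executions of each task.
CADENCE_MONTHS = {
    "wireless_access_testing": 3,
    "internal_vulnerability_scan": 3,
    "external_vulnerability_scan": 3,
    "nsc_configuration_review": 6,
    "penetration_testing": 12,
    "segmentation_testing": 12,
    "risk_assessment": 12,
    "security_awareness_training": 12,
    "incident_response_plan_review": 12,
}

# Tasks that must additionally be re-run after a triggering change,
# regardless of where they sit in the calendar cycle (assumed event name).
CHANGE_TRIGGERS = {
    "segmentation_testing": "segmentation_control_change",
}


def add_months(d, months):
    """Return d shifted forward by whole calendar months, clamping the day
    to the end of the target month (31 Jan + 1 month -> 28/29 Feb)."""
    index = d.month - 1 + months
    year, month = d.year + index // 12, index % 12 + 1
    day = min(d.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


def evaluate(last_performed, today, change_events=(), warn_days=30):
    """Classify every task as ok, due_soon, overdue, never_performed or
    retest_required.

    last_performed: {task: date of last completion}
    change_events:  iterable of (event_name, date) tuples
    """
    report = {}
    for task, months in CADENCE_MONTHS.items():
        last = last_performed.get(task)
        if last is None:
            report[task] = {"status": "never_performed", "due": None}
            continue
        due = add_months(last, months)
        trigger = CHANGE_TRIGGERS.get(task)
        triggering = [d for name, d in change_events
                      if name == trigger and d > last]
        if triggering:
            # A change after the last test voids it until a retest is done;
            # the earliest such change is reported as the effective due date.
            report[task] = {"status": "retest_required", "due": min(triggering)}
        elif today > due:
            report[task] = {"status": "overdue", "due": due}
        elif (due - today).days <= warn_days:
            report[task] = {"status": "due_soon", "due": due}
        else:
            report[task] = {"status": "ok", "due": due}
    return report


def action_items(report):
    """Tasks that need attention now, sorted by name."""
    needs_action = {"overdue", "never_performed", "retest_required"}
    return sorted(t for t, r in report.items() if r["status"] in needs_action)


# Constructed sample data for a fictional merchant.
SAMPLE_LAST_PERFORMED = {
    "wireless_access_testing": date(2024, 1, 15),
    "internal_vulnerability_scan": date(2024, 3, 20),
    "external_vulnerability_scan": date(2024, 2, 10),
    "nsc_configuration_review": date(2023, 12, 1),
    "penetration_testing": date(2023, 6, 30),
    "segmentation_testing": date(2023, 9, 1),
    "security_awareness_training": date(2023, 11, 1),
    "incident_response_plan_review": date(2023, 4, 20),
    # risk_assessment deliberately absent: never performed
}
SAMPLE_EVENTS = [("segmentation_control_change", date(2024, 3, 1))]
SAMPLE_TODAY = date(2024, 5, 1)


if __name__ == "__main__":
    report = evaluate(SAMPLE_LAST_PERFORMED, SAMPLE_TODAY, SAMPLE_EVENTS)
    for task, r in report.items():
        print(f"{task:32} {r['status']:16} {r['due']}")
    print("needs action:", action_items(report))
```

Intervals are tracked in calendar months rather than a fixed day count so that a scan completed on the 31st is not silently pushed into the next month; the change-triggered branch matters because a segmentation retest is owed after a control change even when the annual cycle would not yet call for one.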
Contextual Security Solutions can assist your organization with these tasks, keeping you on track with your compliance initiatives.