PCI Compliance Assessment Services from Coalfire Systems, Inc.

Recent Coalfire News

On December 15, 2009, MasterCard extended the PCI compliance deadline for Level 2 merchants and redefined merchant levels. The card brand also revised the PCI compliance requirements for Level 2 merchants. Effective June 30, 2011, Level 2 merchants have two choices: 1) contract with an independent Qualified Security Assessor (QSA) to complete a Report on Compliance (ROC), or 2) train and certify internal assessment resources to PCI SSC standards and complete a Self-Assessment Questionnaire (SAQ).
PCI Compliance Assessment

Regulatory compliance is a simple fact of doing business. Very few organizations today do not capture, process, store, transmit, or rely on third-party services for some kind of regulated information as part of their daily activities. As the value of information assets increases, so do the threats, risks, and regulatory responses for data privacy and protection.

Compliance is no longer just a good business practice. It is now demanded by consumers, employees, shareholders, partners, industry associations and third-party commercial and government regulators. These entities are asking management and organizational leadership to formally attest to the compliance of information governance, security, and privacy practices of the organization.

Coalfire has developed structured processes, integrated into a web-based engagement model, that map information security approaches, controls, processes, and compliance metrics to most major industry compliance requirements. We can help your organization not only understand its compliance requirements, but also develop business-centric strategies to remediate and maintain compliance. Coalfire has developed compliance solutions to enable your organization's compliance programs and help minimize the costs of ongoing compliance management.

PCI Self-Assessment Questionnaire (SAQ)
Level 2, 3 and 4 Merchants and Level 2 Service Providers must complete an annual Self-Assessment Questionnaire (SAQ) to evaluate their organization's compliance with the PCI Data Security Standard. Management must sign off on the accuracy of their self-assessment assertions, sometimes without confidence that the requirements are truly understood by their staff or that the responses are an accurate assessment of compliance risk. Coalfire provides expert guidance and validation for companies seeking assistance with their internal review and reporting requirements. Coalfire delivers cost-effective, automated, web-based solutions that facilitate understanding of the assessment questionnaire, the accuracy of responses, tracking of compliance gaps, and ease of assessment reporting to acquiring banks. For more information about Coalfire's industry-leading Rapid SAQ, please download our brochure.

PCI Pre-Audit Assessment
For emerging Level 1 merchants and service providers, facing a full Report on Compliance assessment for the first time can be a disheartening proposition. The rigors of a first-year ROC almost always reveal significant gaps in operations, security processes, and controls, leaving the organization with many unanswered questions and an unclear roadmap to compliance.

Our PCI Pre-Audit Assessment helps organizations avoid the drain of capital and time associated with a first-time ROC by performing a rapid review of your security processes and controls against the full PCI DSS, but without the in-depth operational control testing required by the ROC testing procedures. Our process rapidly identifies gaps and creates a roadmap for success, allowing your organization to concentrate on meeting compliance timelines and budgetary constraints.

PCI Report on Compliance
As a PCI QSA, Coalfire provides comprehensive security assessments against the Data Security Standard for Level 1 Merchants and Level 1 and 2 Service Providers, resulting in a documented Report on Compliance (ROC). The ROC provides independent validation of compliance to customers, card brands, and acquiring banks. Our ROC assessments are much more than a junior auditor quoting rules and putting checks on a list. They are led by senior security and audit staff who maintain concurrent CISA and CISSP certifications. Our auditors intimately understand the retail and service provider processing models, and the idiosyncrasies that make your business unique. Many of our auditors have worked with PCI compliance initiatives since the initial VISA CISP and MasterCard SDP programs were released. We help our clients understand compliance risk, control options, and compensating control strategies as they work toward achieving and maintaining PCI compliance, at costs that won't break the bank.

PCI Quarterly Vulnerability Scans (QSV)
PCI compliance requires regular external network vulnerability scanning of all Internet-facing systems that process or connect to payment card data. Coalfire is an Approved Scanning Vendor (ASV) for the PCI industry and offers both self-service and managed solutions for meeting PCI compliance. Our scanning services are the right choice for safe, accurate, and cost-effective scanning compliance. We have built our services around the industry's best scanning engines and added report filtering that reduces false positives and false negatives. Additionally, our tools provide reporting output in XML, Word, and Excel with sortable data that makes assigning and tracking remediation easy. All of our PCI scan information is delivered through a secure portal that makes it easy to track status with all associated parties.

PCI PA-DSS Report on Validation
Payment applications are under attack at an unprecedented level today. Many payment applications have Internet connectivity, wireless, or remote access enabled by merchants that was not incorporated into their initial designs. Most payment applications were developed under a drastically different threat and compliance environment. A payment application identified as insecure, or as the source of a compromise, damages the reputation and success of the application vendor and of the merchants using that application. Payment application vendors are now receiving compliance validation demands from customers, acquirers, processors, and PCI Assessors. By complying with PCI's Payment Application Data Security Standard (PA-DSS), application vendors can reduce risks to merchant operations and distinguish themselves as trusted business partners.

Coalfire, a certified PA-QSA assessor, provides validation services to help payment application developers achieve PA-DSS compliance in a manner that makes sense for their application. Through our exclusive Rapid PA-DSS Compliance Platform, we combine an adaptive, intelligent self-help platform with a hands-on assessment methodology to guide clients through the PA-DSS compliance process efficiently and cost-effectively. Working with Coalfire's certified application assessors, application developers use the Rapid Compliance Platform to select the compliance strategy that fits their application's needs. Coalfire further provides value by communicating with VISA throughout the certification process, accelerating compliance with reduced impact on the development team.

As the economy sinks deeper into recession, developers have demanded a cost-efficient way to complete the PA-DSS validation process. Coalfire offers an online self-help tool called Rapid PA-DSS to help developers prepare for a much shorter and more productive assessment. For more information about Coalfire's Rapid PA-DSS, please download our brochure.

PCI compliance made easy
For small and medium-sized retailers and service providers, compliance with the Payment Card Industry Data Security Standard (PCI DSS) requires completion and submission of the Self-Assessment Questionnaire (SAQ) and quarterly external network scans. Accurately completing the SAQ can be a complex and frustrating experience. The greatest risk to merchants lies in maintaining proof that compliance testing was adequately documented in case a subsequent data breach occurs. Coalfire's Rapid SAQ cost-effectively guides PCI compliance through an easy-to-use web interface. Rapid SAQ selects the most relevant PCI DSS control questions for your organization, based on your input to a series of questions, and then records the "justification" for validating each compliance requirement.

Features
  • Structured, interactive engine walks users through the process and generates all appropriate documents
  • Based on your responses, Rapid SAQ:
    • Automatically determines the appropriate validation type (A, B, C or D) for the merchant
    • Presents only the required questions
    • Removes questions that are not applicable
    • Records evidence of compliance
  • Robust reporting with easy-to-read graphical statistics
  • Tracks your compliance against industry trends
  • Manages multiple entities from one management page (e.g. franchises and/or multiple locations)

Coalfire Systems Navis Rapid SAQ utilizes the power of Coalfire's Navis platform, which provides customers with a robust suite of tools to manage their IT governance and compliance programs. The Navis platform makes it easier than ever to stay secure and compliant, regardless of organizational size or complexity.

Self Service Rapid SAQ
A standalone SAQ is best for organizations with mature controls and audit procedures. The SAQ is completed through automated tools and online services. Users of Rapid SAQ can purchase, document, and generate their PCI Self-Assessment Questionnaire (SAQ) entirely independently of Coalfire's PCI auditors. Users of this option who subsequently want live auditor assistance can select the "Facilitated" offering at any time prior to final submission. Standalone SAQ is the lowest-cost option, but offers the lowest level of support. The online tool assumes that the organization can truly self-assess its compliance.
Facilitated Rapid SAQ
A facilitated version of Rapid SAQ is best for organizations that are early in their compliance process or do not have the resources to manage complex environments. It includes all of the functions of Rapid SAQ, with additional "facilitated" support time from a QSA. Facilitated audit service support is provided in one-hour blocks to help clarify question content, understand the applicability of controls to the customer's environment, evaluate and test the strength of controls within that environment, and handle other SAQ-related control tasks. The facilitated version has a slightly higher cost, but comes with expert advice to streamline processes or augment organizational staff.
Both offerings include:
  • Facilitated help option
  • Sample online forms and reports
  • Automatic generation of the required PCI SAQ form
  • Remediation planning

To register for Coalfire's Rapid SAQ, click here.

For more information on Coalfire's compliance services, please contact: