PCI DSS

PCI DSS is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data and/or sensitive authentication data.

ASV SCANNING

ASV Scanning is an external vulnerability scanning service that uses an ASV (Approved Scanning Vendor) solution to validate an organization's compliance with PCI DSS for ASV Program purposes.

ISO 27001

The standard defines the requirements and provides guidance for establishing, maintaining and continually improving an information security management system (ISMS), and provides a reference set of security controls.

GDPR

The GDPR only allows personal data to be gathered by businesses and organizations under strict conditions, with several requirements put in place to keep sensitive data safe and secure.

PCI DSS

PCI DSS consists of steps that mirror security best practices.

PCI Security Standards are 12 technical and operational macro requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data. The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB, MasterCard and Visa Inc.

Being PCI DSS compliant assures customers that your business is safe to transact with. Conversely, the cost of noncompliance, both in monetary and reputational terms, should be enough to convince any business owner to take data security seriously.

The Standard applies to both Merchants and Service Providers.

ASV SCANNING

The PCI Security Standards Council requires companies at all levels to have regular network scans in order to detect possible vulnerabilities before someone else does.

An Approved Scanning Vendor, often known simply as an ASV, is an organization that uses a set of data security services and tools to determine if a company is compliant with PCI DSS external scanning requirements. ASVs perform an external vulnerability scan of an organization’s network or website from the outside looking inward. In addition to determining if it is PCI compliant, these scans can provide insight into any data security changes that need to be made. External vulnerability scans must be performed quarterly, via an Approved Scanning Vendor (ASV) approved by the Payment Card Industry Security Standards Council (PCI SSC). Rescans must be performed as needed, until passing scans are achieved.

ISO 27001

The adoption of an information security management system (ISMS) is a strategic decision for an organization.

The establishment and implementation of an organization’s ISMS is influenced by the organization’s needs and objectives, security requirements, the organizational processes used, and the size and structure of the organization. All of these influencing factors are expected to change over time. The ISMS preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed. It is important that the ISMS is part of and integrated with the organization’s processes and overall management structure, and that information security is considered in the design of processes, information systems and controls.

GDPR

The objective of this law is to establish a new, updated set of security rules for businesses to follow in order to better protect citizens’ personal data.

The European Union General Data Protection Regulation (GDPR) was finalized on April 27th 2016, and will raise the standard for data protection throughout the EU. Data protection is vitally important to businesses in a variety of industries, and failures in security can lead to business costs, reputation damage, and soon, even larger fines. The GDPR went into effect May 25th 2018 for all EU members, and will set a new precedent for data security.

The GDPR only allows personal data to be gathered by businesses and organizations under strict conditions, with several requirements put in place to keep sensitive data safe and secure. The regulation will tighten data protection by reinforcing data subject rights and monitoring the compliance of data processors and controllers. It will also allow for stronger enforcement of these requirements and level severe monetary penalties against businesses that fail to comply with the increased data protection standards.