With a large dedicated staff of PCI-accredited security experts, NCC Group is an ideal partner to help with all your PCI compliance requirements.

We provide PCI strategy, PCI programme management, PCI gap analysis advice, PCI training and awareness, and a range of other complementary services.

Our QSAs are focused on providing pragmatic advice to help organisations reduce the cost and impact of PCI DSS compliance. With over 40 QSAs, we assist hundreds of PCI clients annually.

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a global set of information security requirements designed to reduce payment card fraud. It applies to any organisation that stores, processes or transmits cardholder data, and compliance is mandatory for such organisations under their merchant agreement with their acquiring bank. Adhering to PCI DSS is also a way of keeping your organisation's and your customers' information safe from abuse, and it can help demonstrate compliance with other regulations such as the General Data Protection Regulation (GDPR).

For any organisation that has to be PCI DSS compliant, this is not an insignificant challenge. The standard contains over 300 requirements, each of which must be designed, implemented and managed across your Cardholder Data Environment, and doing so is difficult given everyday business constraints: legacy platforms, multiple service providers, staff shortages, business growth and constant change.

How NCC Group can help

NCC Group is accredited by the Payment Card Industry as a Qualified Security Assessor (QSA) and as a PCI Approved Scanning Vendor (ASV). We also have a large internal penetration testing team. This means we can help you at all stages of PCI compliance.

We feel that the QSA's job isn't just about helping you become PCI DSS compliant. For us it is about achieving PCI DSS compliance cost-effectively, with the least amount of pain, and ensuring it is sustainable.

PCI DSS services offered:

  • Introductory awareness sessions
  • PCI DSS Programme management and strategy definition
  • Scoping definition
  • Gap analysis
  • Internal and external (ASV) vulnerability scanning
  • Penetration testing
  • Remediation support
  • PCI DSS solution options analysis
  • PCI DSS network design review
  • Report on Compliance (ROC) assessments
  • SAQ support and validation
  • End user training and awareness
  • Incident response training
  • Securing the SDLC training
  • Training and policy development