
Post on 31-Dec-2020


SERVICE BRIEF

PCI DSS Compliance Services

Comprehensive Services to Achieve and Maintain PCI Compliance

It’s no secret that retaining and managing compliance with the Payment Card Industry Data Security Standard (PCI DSS) is a yearly struggle. Organizations looking to build out or maintain their PCI DSS certification face plenty of obstacles: lack of resources and time, meeting other non-PCI compliance needs, and moving to the cloud are just a few.

These, along with other challenges, leave organizations with a lack of visibility into their PCI environment, leading to inaccurate scope and unknown risk.

A leading provider of PCI services for more than a decade, Optiv has completed more than 1,500 PCI projects in the last three years. We provide a comprehensive suite of services that helps you plan, build and run your compliance program and ensures that your environment and controls are scoped and implemented appropriately to avoid unnecessary costs and complications.

We don’t just “box check”; we help organizations build out sustainable programs that integrate throughout the organization and help it compete. Check-box audits do not address your organization’s actual risks, and PCI compliance is a continuous process that needs to be regularly monitored. Organizations must continuously assess, report and remediate any identified gaps.

As a Qualified Security Assessor (QSA), Optiv not only conducts official onsite PCI assessments to validate compliance but also works with you to develop long-term compliance strategies and streamline ongoing compliance maintenance. As an extension of your team, we go beyond compliance to help align security requirements, technology investments and business goals to cost-effectively mitigate risk and improve business performance.

Optiv Solutions

Optiv PCI Services

ASSESS
• Executive Workshops
• Compliance Strategy Development
• PCI Program Development*
• Readiness Reviews
• PCI Gap Assessments

REPORT
• Payment Application Data Security Standard (PA-DSS) Report of Validation (PA-ROV)
• Report on Compliance Assessment (ROC)
• Self-Assessment Questionnaire (SAQ) Guidance and Completion

REMEDIATION/MANAGEMENT
• ASV Scanning
• Penetration Testing
• Incident Response Program Development
• Security Awareness Training
• Program Management
• Scope Reduction Strategy Sessions
• Technology Deployment

* Built through Optiv's Risk Transformation Service methodology


Optiv Global Headquarters
1144 15th Street, Suite 2900
Denver, CO 80202

800.574.0896 | optiv.com

Optiv is a security solutions integrator – a “one-stop” trusted partner with a singular focus on cybersecurity. Our end-to-end cybersecurity capabilities span risk management and transformation, cyber digital transformation, threat management, cyber operations, identity and data management, and integration and innovation, helping organizations realize stronger, simpler and more cost-efficient cybersecurity programs that support business requirements and outcomes. At Optiv, we are leading a completely new approach to cybersecurity that enables clients to innovate their consumption models, integrate infrastructure and technology to maximize value, achieve measurable outcomes, and realize complete solutions and business alignment. For more information about Optiv, please visit us at www.optiv.com.

©2020 Optiv Security Inc. All Rights Reserved. Optiv is a registered trademark of Optiv Inc.

Secure your security.™

Optiv performs more than 150 PCI-related engagements each year

15+ years – The average experience of members in our Risk Management team

7,000+ clients in 65+ countries

10,000 security projects delivered each year

Case Study

INDUSTRY
Financial Services

CHALLENGE
The client was having difficulty meeting and validating their PCI DSS requirements.

SOLUTION APPROACH
Optiv provided guidance and clarification of PCI DSS requirements, meaning, intent and interpretation. During the engagement, Optiv reviewed the client’s cardholder data flow diagrams and card handling processes, analyzed the computing environment and provided design recommendations to reduce PCI scope and increase the organization’s security posture.

OUTCOME
The client became PCI certified with a valid Report on Compliance and Attestation of Compliance. Optiv continues to conduct its annual compliance assessment.

Why Clients Choose Optiv

Averaging 15 years of business experience in risk reduction and security expertise, many of whom have worked as CISOs.

Compliance expertise in multiple standards to develop programs that meet the compliance needs of multiple standards and frameworks.

Industry experience in healthcare, banking, engineering, retail, aerospace and defense, energy, travel and transport, and more.