Red Island • Consulting - Information Security and Management System Solutions

Payment Card Industry, Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a mandatory set of comprehensive requirements for ensuring payment account data security. Developed by the founding brands of the PCI Standards Council, including VISA and MasterCard, it sets out to facilitate the broad adoption of consistent data security measures to proactively protect customer card data on a global basis.

The standard is mandatory for any organisation that processes or stores credit and debit card data for cards issued by the major brands, and PCI has set a compliance deadline of June 30th 2007. The penalties for those that do not comply are potentially severe:

  • Potential $500,000 fine
  • Withdrawal of credit card capabilities
  • Negative publicity

Red Island Consultancy Services

PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

Red Island is Europe’s leading Information Security solutions provider and is working with a number of high profile organisations to help them achieve compliance with PCI DSS in the most efficient and cost effective manner. Because of the urgent need to comply with PCI DSS, these projects are often carried out against extremely tight deadlines.

Whether it is a straightforward GAP assessment of your current position against the PCI DSS standard, or your organisation needs support all the way through to audit, Red Island have the specialist QSA staff you need.


Benefits of PCI Compliance

PCI DSS, through its binding collection of rules, aims to reduce financial fraud by improving the security of every part of an organisation's IT environment that processes payment card information. The benefits of PCI DSS compliance include:

  • Protection of customers’ personal data
  • Increased customer confidence provided by a higher level of data security
  • Increased protection against financial penalties and remediation costs that arise from security breaches
  • Safeguarding the organisation’s brand and reputation
  • Risk assessment and benchmarking of the security systems that surround the storing, processing and transmission of payment cardholder data.

Free PCI DSS Health Check

For the benefit of those organizations that as yet have not been able to address this issue, Red Island Consulting are offering a free PCI DSS health check.

Our health check will identify and assess the organisational systems that process and store cardholder data against the PCI DSS framework. We will then provide you with a detailed business improvement plan containing the recommendations and actions required to help the organisation achieve compliance.


If you would benefit from an independent review of your status against PCI DSS within your organisation and a business improvement plan that will enable you to address your compliance issues, we would be delighted to talk to you.

To take advantage of this offer, or to talk in more detail about how Red Island Consulting can assist your organisation, please call Nick Roberts on 0207 422 7159.

Stages of Compliance to PCI DSS

Red Island's recommended approach to organisations complying with PCI DSS is based on the following road map.

Category of compliance: The first main challenge for organisations is to identify which credit cards they process and the transaction volumes for each card type, so they can determine which category of compliance they fall into.

Scope: Each organisation must identify the data flows in order to ascertain the environment (logical and physical) in which the card transactions are processed. This then becomes the focus of the PCI DSS compliance work.

Infrastructure review: Red Island works with its customers to ensure that the infrastructure in which card transactions are processed is designed to make compliance as straightforward as possible.

Audit and assessment: Red Island assists customers in completing a PCI audit assessment of their compliance against the 12 Requirements in the DSS. A detailed report is generated to show where compliance exists and to document recommendations where there is non-compliance.

Remediation: Not only does Red Island make recommendations to correct any non-compliance, it also provides consultancy to ensure that remediation activities are carried out in a manner that achieves compliance.

Compliance Maintenance: PCI DSS compliance is an ongoing process. Red Island can provide consultancy services under a maintenance contract to ensure that compliance, once achieved, is maintained to the correct standard.
