Red Island • Consulting - Information Security and Management System Solutions

PCI DSS

Loss or theft of credit and payment card information is regularly in the news and in the press. The Payment Card Industry Data Security Standard (PCI DSS) is a security framework for ensuring that payment card data is stored, processed and transmitted securely. Complying with PCI DSS is mandatory for:

  • Merchants - Companies or organisations that take payments on credit or debit cards from individuals
  • Service Providers - Companies or organisations that are involved in the payment card process, or provide services to merchants that involve payment card transactions or data.

Red Island QSA Services

For organisations that are already compliant, or believe they have all of the necessary elements in place to achieve compliance, Red Island is a registered Qualified Security Assessor (QSA) Company and its Assessors are able to formally review and sign off up to Level 1 merchants or service providers. Red Island can also provide assistance for companies that are just starting out on the PCI DSS compliance process, or that need to understand more about their compliance requirements.

Whether you are a merchant or a service provider, and whether you need a straightforward gap assessment of your current position against the PCI DSS standard or support all the way through to audit, Red Island have the specialist QSA staff you need.


Benefits of PCI Compliance

PCI DSS, through its specific set of requirements, aims to reduce the likelihood of loss or theft of payment card information. The benefits of PCI DSS compliance include:

  • Protection of customers’ personal data
  • Formal recognition and registration of compliance
  • Increased customer confidence provided by a higher level of security
  • Protection against financial penalties and remediation costs that arise from security breaches
  • Safeguarding the organisation's brand and reputation
  • Better protection of the security systems that surround the storing, processing and transmission of cardholder data.



Free PCI DSS Health Check

For the benefit of those organisations that have not yet been able to address this issue, Red Island Consulting are offering a free PCI DSS health check.

Our health check will identify the organisational systems that store, process, transmit or connect to cardholder data, and assess them against the PCI DSS framework. We will then provide you with a detailed business improvement plan containing the recommendations and actions required to assist the organisation in achieving compliance.

For Merchants:

Let us help you understand which of the 4 merchant levels applies to your business, whether you need an onsite QSA assessment, or whether you can use the Self Assessment Process.

If you are using self assessment, which questionnaire and which requirements apply to you? We can help identify the right level of compliance requirements.

For Service Providers:

Let us help you understand which of the 2 Service Provider levels applies to your business, and whether you need an onsite QSA assessment or can use the Self Assessment Process.

We can help identify how to prove compliance to your clients and register as a compliant service provider.

To take advantage of this offer, or to talk in more detail about how Red Island Consulting can assist your organisation, please call Nick Roberts on 020 7090 1091.

Stages of Compliance to PCI DSS

Red Island's recommended approach to organisations complying with PCI DSS is based on the following road map.

Category of compliance: The first main challenge for organisations is to identify which credit cards they process and the volume of transactions for each card type, so that they can determine which category of compliance they fall into.

Scope: Each organisation must identify its cardholder data flows in order to ascertain the environment (logical and physical) in which card transactions are processed. This environment then becomes the focus of the PCI DSS compliance work.

Infrastructure review: Red Island works with its customers to ensure that the infrastructure in which card transactions are processed is designed to make compliance as straightforward as possible.

Audit and assessment: Red Island assists customers in completing a PCI audit assessment of their compliance against the 12 Requirements in the DSS. A detailed report is generated to show where compliance exists and to document recommendations where there is non-compliance.

Remediation: Red Island not only makes recommendations to correct any non-compliance, but also provides consultancy to ensure that remediation activities are carried out in a manner that achieves compliance.

Compliance Maintenance: PCI DSS compliance is an on-going process. Red Island can provide consultancy services under a maintenance contract to ensure that compliance, once achieved, is maintained to the correct standard.

Partners

ACP Infosec, ISC2, British Quality Foundation, CLAS, Steria, BVQi, LRQA, Catalist
