sign in
Need an account? Register
 

PCI Services - Are you concerned about vendor independence?

We are. At Terra Verde, we turn away PCI business if there is a conflict of interest. We provide our QSA services under only one of two classifications: PCI Assessment or PCI Solution.

Using the same approach as used by public audit firms, clients requesting PCI services from us are classified into one of two categories: "PCI Assessment" or "PCI Solutions". Using this system avoids any occurrence of risk to a client that results from a vendor assessing it's own work.

PCI Assessment Services:

  • ROC/AOC: Terra Verde is a QSA and can perform your annual assessment and provide your Report on Compliance (ROC) and Attestation of Compliance (AOC).
  • SAQ Guidance: Terra Verde has the qualifications and experience to help you determine which Self-Assessment Questionnaire applies to you and how to obtain the information and comfort you need to sign.
  • Readiness: Having sat on the PCI Council Technical Working Group and having helped many clients achieve PCI compliance, we have the resources needed to assess your readiness to pass your PCI assessment or complete your SAQ.

PCI Solution Services:

  • Gap Closure: We have experience in all areas of risk management and PCI DSS, therefore we are able to help you implement the necessary security controls to close any compliance gaps you have and provide defensible evidence to your QSA. Because of the depth and breadth of our professionals, we can also assist you with emerging technologies such as tokenization, virtualization, and cloud security.
  • Remediation: After a gap analysis or if you are not able to receive a passing ROC from your QSA, Terra Verde can assist with a plan to achieve compliance in all 12 PCI DSS requirements and just as important, we will execute the plan with you or for you.
  • Penetration Test: Terra Verde’s experience with penetration testing is unmatched by our PCI competition. We have a mature program that is very effective in testing external and internal system and network security. This program includes controlled testing in which we will attempt to gain access at both the network layer and application layer.

The PCI Security Standards Council Qualified Security Assessor logo is a trademark or service mark of The PCI Security Standards Council in the United States and in other countries.