The Issue: Strong Vulnerability Management & PCI Compliance at The Same Time
A data breach or attack can cripple, if not totally devastate, an organization and its valued customer base, especially one that captures personally identifiable information through acceptance of credit cards. The results of these incidents are costly, both financially and in negative brand value.
Many businesses are challenged to cost-effectively achieve strong vulnerability management and compliance at the same time. Payment Card Industry-Professional (PCI-Pro) service guides businesses through the PCI Data Security Standards (DSS) requirements knothole with security expertise and personalized recommendations to achieve compliance.
Our Approach to PCI Compliance
Fortra remains one of the world’s longest tenured PCI Approved Scanning Vendors (PCI ASV) today. The PCI Security Standards Council (PCI SSC) maintains a structured process for security solution providers to become ASVs, as well as to be re-approved each year. As a PCI ASV for 19 years running, we have more PCI compliance guidance experience than 90% of the industry.
We believe PCI compliance is achieved by continuously managing an organization’s security posture. As the first vendor to take a “managed service” approach to PCI scanning compliance, Fortra has helped many clients, new to PCI, pass their first PCI compliance test.
The Fortra Difference
Unlike other vendors who promote a “fail until you pass” mindset to compliance, we make PCI-Pro available as a stepping stone approach where compliance resides at the top of a three-tiered pyramid including comprehensive PCI network vulnerability scanning and remediation management.
Our PCI team runs multiple PCI scans, knowing how to best segment a network in the most cost-effective manner. A Personal Security Analyst personally reviews the results, facilitating client understanding of how to remediate for compliance. We can rescan and consult until the client passes the required quarterly PCI scan. Thus, clients attain PCI compliance faster and more efficiently. In between quarterly PCI scans, the PSA offers on-demand access to end-to-end service delivery, customized assessment and remediation guidance, tracking and reporting.
PCI-Pro Service Process
| Tier 1: The foundation | Tier 2: Remediation management | Tier 3: Leverage results | |
|---|---|---|---|
|
External and Internal Vulnerability Scanning
|
|
|
|
|
Robust Technical and Executive Reporting
|
|
|
|
|
Vulnerability Workflow Management
|
|
|
|
|
Trend and Activity Reporting
|
|
|
|
|
Access to a PCI-certified Personal Security Analyst
|
|
|
|
|
Remediation Prioritization and Assignement
|
|
|
|
|
Custom PCI Compliance Management Reporting
|
|
|
|
|
Enterprise-wide Assessment of Vulnerability Remediation Progress
|
|
|
|
|
Produce Reports to Assess Successful Compliance
|
|
||
Advantages of a Fully Managed PCI Scanning Program
Business Advantages
Technical advantages:
Achieve PCI Compliance with Fortra's Managed Services
Request a quote today to get started.