A Proven Process
Sunera’s extensive experience in the field of risk and controls consulting has confirmed that a truly successful compliance program can only be accomplished by using highly skilled resources and a reliable, repeatable process. The process used by Sunera provides a framework which is customized to the unique environment of each payment card industry member, merchant, and service provider. Sunera utilizes this process to ensure the confidentiality, integrity, and availability of cardholder data while minimizing the impact on business operations.
Resources
All members of the Sunera information security team are Certified Information Systems Security Professionals (CISSP) and Qualified Data Security Assessors (QSA). Each Sunera QSA has successfully met the PCICo requirements to provide PCI data security assessment services and issue Reports on Compliance (ROC). With Sunera as your partner, you will always receive expert assistance from industry recognized experts.
Process Overview
The Sunera assessment process minimizes the impact on business operations by providing a logical, structured approach that emphasizes productivity and maximizes return on investment. A brief example of how Sunera conducts assessments follows:
- Define the scope of work to be performed during the assessment.
- Conduct a pre-assessment meeting to establish expectations, identify the key players in the assessment process, and to provide guidance to the client.
- Receive and review off-site all relevant policies, procedures, and technical documentation.
- Arrive on-site and perform the data security assessment process as detailed in the initial scope of work.
- Provide an initial statement of findings which identifies deficiencies and provides recommendations so that remediation efforts may begin as promptly as possible.
- Generate a Report on Compliance.
- Conduct quarterly and/or on-demand network scans to fulfill ongoing PCI compliance requirements.
