Vendor needs to provide payment card industry data security standards compliance services.
• PCI DSS compliance assessment to evaluate the current framework of payment ecosystem
• Advise on the current structure and build out of CDE network and systems to prevent data breaches and fraudulent activities
• Implement penetration testing against the CDE to determine security measures to protect against malicious users gaining access to unauthorized data
• External and Internal scans/testing. External scan to be performed outside of UA's network to identify known weaknesses in its CDE network structures. Internal scan to be performed within UA's network to identify any vulnerabilities on its internal CDE hosts that could be exploited through a cyber-attack or data breach.
• Additional penetrating testing and internal/external scans for systems identified containing personal financial data
• Assistance and/or completion of SAQs to ensure that all proper security measures are captured to manage and protect cardholder data
• Assist PCI Compliance Officer in providing guidance and measurable tools in filling out SAQs to help ensure proper security
• Assist with the completion of annual SAQs based on UA's need for the given year
• Review UA's payment technology systems to assess if the current software(s) is installed appropriately to manage data security
• MID (Merchant IDs) structure review to provide a standardized methodology to identify merchants and manage the process of electronic payments
• Review UA's organizational structure to determine if we are "right sized" for our size/scope and help determine if our current structure is optimally conducive to compliance and appropriate support of our CDE
• Provide technical guidance when facing issues with any related payment systems
• Assist with training development and strategies to ensure protection and security in UA's payment system by a deadline that is acceptable and allowable to UA.
↧