Any organization that processes credit card information must be compliant with a set of data controls, IT security, physical security and policy

requirements that mitigates risk of credit card loss, theft or abuse. As a business operator, are you willing to risk fines, loss of revenue and damaged

reputation by not complying with the Payment Card Industry (PCI) Data Security Standard (DSS)?

At MNP Technology Solutions, we help you meet the PCI challenge by achieving and maintaining compliance. We take pride in ensuring all

assessments are performed objectively and confidentially, with no favour granted to any provider or product. Our goal is to provide you with the

information you need to make stronger business decisions.

Qualifications

Your company will achieve a level of compliance and security that will make you stand out as a

leader among the competition. We are one of a few firms in Canada certified as a PCI Qualified

Security Assessor (QSA) and Approved Scanning Vendor (ASV). Our highly experienced and skilled

IT security professionals hold industry standard and industry leading certifications that enable

them — and you — to keep ahead of the latest cyber trends.

The team’s expertise include certification in information security (CISSP, CISA, OSCP), penetration

testing (GPEN, CEH), payment card industry (PCI QSA and PCI ASV), Cloud security (CCSK), risk

analysis (OpenFAIR) and critical security controls.

are you FUTURE READY?Tomorrow’s Technology is Shaping Business Today

Cyber Security

Payment Card Industry DSS Compliance

Our Approach

To learn more, contact Danny Timmins, National Leader, Cyber Security, at 905.607.9777 ext. 230 or danny.timmins@mnp.ca

PHASE 1 - PCI SCOPE DISCOVERY AND REDUCTION: Our initial step helps you understand how large your PCI environment is and the steps you can take to reduce the scope. This involves both business process and technical changes.

PHASE 2 - PCI GAP ANALYSIS: We conduct an in-depth security assessment that carefully examines your PCI environment, business processes, policies, etc. against the Data Security Standard and identifies gaps. This is done against the full standard, regardless of whether you could qualify for a shorter Self-Assessment Questionnaire (SAQ).

PHASE 3 - REMEDIATION: Once the PCI scope and gaps are established, we help you achieve compliance through vulnerability scanning, penetration testing, risk assessment, end point protection, change detection, log analysis and other services. We also offer a flexible consulting service that provides you complete access to a dedicated Qualified Security Assessor for clarification on any PCI requirement, particularly in relation to remediation efforts and technical challenges.

PHASE 4 - PCI DSS VALIDATION: We offer both Self-Assessment Questionnaire (SAQ) and Report of Compliance(ROC) validation with stringent quality assurance and project management milestones. Each PCI requirement is appropriately sampled and evidence collected through interviews, system evaluations, process and policy reviews, providing you with a high quality report that can be submitted to your bank, acquirer and card brands.

PHASE 5 - PCI MAINTENANCE: To ensure high levels of compliance throughout the year, we will develop a program tailored to your exact needs based on findings acquired during the prior phases. These proven recommendations will reduce the risk of individual controls lapsing and ensure your next validation is as smooth as possible – saving you both time and unforeseen remediation.

Our full spectrum of PCI compliance services assists our clients in understanding, assessing, achieving and validating their PCI DSS compliance. Our typical services include:

PCI Compliance

Scope Discovery

Gap AnalysisMaintenance

Validation Remediation

MNP.ca