Compliance to Payment Card Industry Data Security Standard (PCI DSS) is crucial to the success of any business. There are currently more than 250 parts to PCI DSS and each business has different requirements. Thales is a registered Qualified Security Assessor (QSA) company with more than 20 years of experience in the payment field. We review clients’ unique Cardholder Data Environment (CDE) to the PCI DSS and produce Report of Compliance (RoC) and Attestation of Compliance (AoC) upon validating their compliance practice.

Clients can enjoy formal assessment against PCI DSS by QSAs with high cost-effectiveness. Thales provides an impartial review of clients’ in-scope systems, people and processes, the result of which will be reflected in the RoC and AoC. Our experienced QSAs deliver tailor-made controls and solutions, reassuring our clients that their account data security is up-to-date and security protection of sensitive cardholder data is tightened. Clients can also benefit from our one-day training course which raises their security awareness and offers them a solid understanding of the challenges ahead.

Upon understanding clients’ business model (services and products) and data environment (cardholder data flow), Thales can set out to identify the gap between the current state and the standard set by the PCI Security Standards Council, and review the system scope that needs to be compliant: CDE boundaries will be implemented and PCI DSS controls applied. On top of that, Thales can offer remediation support that spans from policy creation, business process design to network architecture. Clients can be assured that their compliance campaigns are efficient, comprehensive and continuous.