The Customer
Large retail organization with $2.2 billion in annual revenue and more than 132 locations across the U.S. and Canada required assistance completing their annual PCI DSS compliance assessments.
The Challenge
The customer was not sure on the type of reporting forms to be submitted and had a number of deficiencies not addressed from their prior assessment. The expanding business, in conjunction with the evolving PCI DSS controls, left significant gaps in the organization’s ability to achieve compliance. The business challenges included the following:
- Confirming scope of Cardholder Data Environment
- Identifying gaps in compliance with new PCI DSS 3.2 standards
- Maintaining compliance for their 132+ retail locations without internal IT staff
- Developing actionable remediation strategy to meet compliance
The UDTSecure™ Solution
UDTSecure proposed a PCI DSS 3.2 Gap Assessment to help the Customer confirm what was in place, and what problems they would need to remediate in order to achieve compliance. The PCI DSS Gap Assessment confirmed the correct PCI merchant level for which the chain should file, and also identified that proper segmentation could minimize the scope of their cardholder data environment, saving them tens of thousands of dollars and ongoing audit and testing costs.
Through PCI Managed Service agreement, our client is able to outsource ongoing requirements for PCI compliance to us, including:
- Quarterly ASV and internal vulnerability scans
- Wireless testing
- Annual penetration testing
- Assistance in completing self-assessment questionnaires
- Real-time monitoring of firewall logs
- Outsourced security operations team for “as needed” incident response
The Benefits
The UDTSecure PCI Solution helped the Customer realize the following business benefits:
- Cardholder environment minimized through proper segmentation
- Managed services that helps provide required quarterly and annual PCI testing
- UDTSecure removed the Customer’s monitoring burden through outsourcing activities they were not equipped to handle by internal resources and technology
To learn more about UDTSecure’s PCI DSS compliance assessments, please call 954-308-5100 today!