Foresight Consulting is a Payment Card Industry Qualified Security Assessor (QSA) and offers a full range of PCI consulting and assessment services.

Many organisations look for external advice in relation to PCI-DSS. Foresight can act as a trusted advisor and provide assistance and advice in a number of areas including:

  • Preparation for PCI assessments;
  • Remediation;
  • Pre-assessment reviews;
  • Network and system design;
  • PCI gap analysis;
  • Assistance with Self Assessment Questionnaire completion; and
  • Strategic planning for enterprise PCI compliance programs.

Additionally, with PCI QSAs on staff, Foresight Consulting can provide on-site compliance reviews for your organisation.

With a combination of strong technical skills and knowledge of enterprise systems, we pride ourselves on taking a pragmatic approach to the standard and truly understanding the intent of requirements. This ensures organisations can then focus their efforts on the greatest areas of security risk as well as achieving compliance with the standard.

About the Payment Card Industry Data Security Standard (PCI DSS)

The PCI DSS is a standard for securing payment account data and applies to any organisation that stores, processes or transmits such data. This could include Sensitive Authentication Data (e.g. CVV) or Cardholder Data (e.g. Primary Account Numbers). The amount of effort and compliance requirements can differ depending on the amount of transactions an organisation handles.

For those new to PCI, further information can be found on the PCI Council website here.

Self Assessment Questionnaires (SAQ)

The Self Assessment Questionnaire is a compliance validation tool for merchants who do not qualify as a Level 1. There are 5 separate versions of the SAQ, the simplest being SAQ A through to the most complex, SAQ D. It is generally the responsibility of the merchant to determine which SAQ they must complete. A merchant’s acquiring bank may not necessarily be familiar with the inner workings of a merchant, particularly how and where their cardholder data is stored. At Foresight we can assist organisations in making this determination. In addition we can assist in conducting assessments against the applicable SAQ or provide advice on implementation of security controls to meet the SAQ requirements.

Penetration Testing for PCI Compliance

A key component of the PCI DSS is to ensure security controls are effective through testing. Foresight provide a variety of penetration testing services, including external, internal, network and application testing. See here for further details.