Galix has announced its successful recertification as an accredited Payment Card Industry (PCI) Qualified Security Assessor (QSA) company.
Recertification is an annual process that an organisation must complete in order to continue performing PCI Data Security Standard (DSS) assessments, and requires both the company and each individual QSA to pass a comprehensive examination. Organisations must also meet further criteria covering their own data security, data retention and insurance requirements. As of April 2015, Galix is one of just 12 organisations in Africa, and 10 in South Africa, certified to perform PCI DSS audits.
QSA companies are organisations qualified by the PCI Security Standards Council to assess compliance with PCI DSS, a standard with which any business, merchant or service provider that accepts credit cards, online or offline, must comply. PCI DSS is aimed at enhancing security in the payment card industry, and forms a cornerstone of the fight against payment card fraud and theft, a problem that continues to grow in the digital age.
“Compliance with PCI DSS is a significant undertaking that can be a daunting task for organisations. A comprehensive checklist of requirements must be met, and all areas must meet the standard if organisations are to be considered compliant. This includes building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management programme, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy,” says Simeon Tassev, director and QSA at Galix.
While any organisation involved in processing payment card information is required to comply with PCI DSS, certain organisations are also required to undergo an external audit, depending on the number of card transactions they process or the nature of their business. The latest version of PCI DSS contains more than 240 requirements and sub-requirements that must be met in order to be compliant, and organisations must also provide sufficient evidence of compliance to satisfy the audit.
“As compliance requires organisations to meet 100% of criteria and involves a number of different processes, this can prove to be an extensive and time-consuming exercise particularly if organisations are ill-prepared for the audit. Galix is able to provide the skilled assistance required to help organisations achieve compliance, including audits and remediation advice and actions,” Tassev adds.
QSA-accredited organisations such as Galix are required to meet stringent criteria around internal practices, experience and certifications. Becoming an accredited PCI QSA company involves dedication, time and effort, with a minimum investment of two years before certification can be achieved. Organisations have to attend a number of training sessions, submit extensive documentation and maintain a required level of annual training from the PCI Security Standards Council and approved vendors.
“Achieving our recertification for the third time after our original certification in 2012 highlights our commitment to the highest standards of security and ensuring PCI DSS compliance. Few organisations worldwide are able to offer such a service, and even fewer in South Africa. By utilising our services, organisations can leverage our local presence and experience as well as our top level Broad-Based Black Economic Empowerment (BBBEE) rating to ensure they meet the standards required on all fronts,” Tassev concludes.