UCS Solutions has achieved Payment Card Industry Data Security Standard (PCI DSS) v3.0 audit certification with the assistance of Galix, a certified PCI Qualified Security Assessor (QSA). The certification ensures that UCS Solutions’ clients have access to best practice and that security measures are in place to protect sensitive cardholder data.
PCI DSS is a standard that was established by the major card issuers – American Express, Visa, MasterCard, Discover and JCB International – to govern the use and security of payment card information. PCI DSS adherence is mandatory for any service provider that stores, transmits or processes any credit or debit card information.
Says Glen Khan, IT executive at UCS Solutions: “This is another major achievement for UCS Solutions. With the PCI DSS audit and certification, we have put the best practices in place that will help us maintain the highest levels of information security. It gives our clients peace of mind that their data is safe and secure.”
This is the first PCI audit that UCS Solutions has undertaken. “It was an intensive process,” Khan explains, “one that Galix’s professionalism, highly skilled team and service-oriented approach helped make seamless. Their personalised approach and advice helped UCS expedite the process whilst maintaining the highest standards.”
As a provider of IT and payment processes, UCS Solutions requires a licence from the Payment Association of South Africa (PASA). To receive this licence, UCS Solutions must be 100% PCI compliant. With v3.0 of the standard required for the licence having come into effect in January 2015, UCS Solutions began preparing early for its first PCI audit.
“PCI DSS compliance is a journey,” notes Simeon Tassev, director and QSA at Galix. “There is much preparation and considerable effort required from the whole organisation and, once achieved, there is a rigorous maintenance schedule that must be kept up.”
Readiness assessments began in 2013 with workshops and meetings being held across lines of business and within IT divisions to gain an understanding of the scope and coordinate the responses.
“This is a critical part of the process,” emphasises Tassev. “PCI DSS creates a framework that reaches across software, hardware, people and processes. It requires support from the whole organisation, especially as it must be maintained. For it to work, the whole organisation must understand their responsibilities and the impact of their actions on the soundness of the framework.”
Galix personalises the process. “Our goal is to ensure the best, most beneficial approach for the business, but also the most secure approach that will facilitate compliance. The controls must be in place, as must the processes to minimise exposure and deal with threats, and ensure no recurrence.”