
After several years' wait, and to surprisingly little fanfare, the Payment Card Industry Security Standards Council (PCI SSC) released the new version of the PCI Data Security Standard (DSS) ...

The PCI SSC has recently released new remote assessment guidelines and procedures. Here we address a number of key questions: What are the main contents? What led to it being published? And others.

Almost all organisations that implement the Payment Card Industry Data Security Standard (PCI DSS) struggle with the scope of the applicability of the Standard. Even veterans of PCI DSS compliance...

In this blog, we address one of the big questions facing organisations which accept payment cards and are looking to comply with the PCI DSS. Should we outsource the storing, processing and...

In recent blogs, we have focused on how best to ensure you comply with the PCI Data Security Standard. However, this week we will look at what the benefits are of achieving and maintaining compliance…

While it’s one of the areas that IT and security departments find challenging, documentation (and compliant evidence) is what makes for a happy and satisfied PCI Qualified Security Assessor (QSA)...

As a Payment Card Industry Qualified Security Assessor (PCI QSA) company, we are often asked by organisations which process card payments what are the main pitfalls to avoid in complying with...

There’s no getting away from the fact that preparing for a PCI DSS ROC can be a bit of a trial, and particularly for those who are experiencing their first visit from a QSA. Like most trials...

We are often asked, both by those new to PCI DSS and those who have been involved for a while, what is the difference between a merchant and a service provider, what are the ‘levels’ and what do...

For an organisation to achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS), the Payment Card Industry Security Standards Council (PCI SSC) encourages...

In this article, we aim to clarify what requirements the Payment Card Industry Data Security Standard (PCI DSS) places around the protection of cardholder data (CHD) and, in particular, sensitive...

In our previous blog, we looked at where your PCI compliance journey starts. The first step is understanding the flow of your payment card data – by that we mean where payment card information...

Often referred to as the PCI DSS or quite simply PCI, the Standard was developed by the founding payment brands of the PCI Security Standards Council (SSC), including MasterCard Worldwide, Visa...

The Payment Card Industry Security Standards Council (PCI SSC) defines scoping as “the process of identifying all system components, people, and processes to be included in a PCI DSS assessment to...

PCI remediation is an essential activity for any organisation wishing to fully comply with the applicable 12 technical and operational control requirements of the PCI DSS. Whilst many PCI remediation

URM’s PCI DSS gap analysis service is aimed at those organisations which are looking to benchmark their current corporate information security practices (relating to payment card data) against...