Address: Level 26,Fortune Financial Center,No.5 Dongsanhuanzhong Rd,Chaoyang District,Beijing
Contact: Wang He
In order to identify all settings and security status, we will perform evaluation on clients’ network basic infrastructure and other designs, the purpose is to ensure the safety structures and designs are compliant with PCI DSS. This is not only the requirements of Visa and MasterCard, but also the requirements of acquiring bank.
In this stage, we’d provide you with a comprehensive remediation report, to ensure the system is compliant with PCI DSS rules, which include network frame, safety conditions, and other incident recovery policy etc., and finalize one network diagram and report, to provide support for raising the safety of the whole network payment.
In the preliminary testing stage, we will physically examine the network frame, and interview the information technicians about the same. We will also conduct important network resources auditing. The examination is usually conducted as such, but can be customized according to the specific requirements of the clients. This examination will take one day, after the onsite examination, we will provide remote support for technical consultations and provide report on how to raise the security of the whole network. As part of the examination, we will assist the clients to test their current network structure. The security measures include, but not limited to the following parts:
Discover In Advance
Personnel from client’s company information technology department will be required to provide related network type, quantity of internal nodes, internet and remote access functions, network diagram, one copy of current computer or network security policy flow and other related information. These information will enable our technical consulting team to be familiar with client’s current network security status before onsite testing.
The Startup Meeting is usually very brief, the expected objective is to explain the testing purpose and discuss any documentation related issues. During the startup meeting, all related personnel included, will discuss about the actual system audit schedule and network scan time. Meeting can be conducted via teleconference or as onsite meeting.
Security Consulting Team will receive a simple and clear flow report of current infrastructures, which include the place where the payment gateway store, computer room, communication facilities, physical safety measures and system, and other operational information that is important for the testing.
During the teleconference and facilities checking period, safety consulting team will investigate and confirm the scope area, and at the same time examine the necessary infrastructures within the examination scope of this project.
Technical Consulting Support
After providing remediation suggestions, we will continue to provide you with technical consulting supports, in order to increase the security level of the whole payment gateway. We will also provide teleconference, the time that provided for such teleconference each month within one year will be limited to be within two hours. During the GAP process, the personnel of the service provider will need to conduct actual audit for the infrastructures, and at the same time will interview the major IT personnel. Finally, the service provider has to provide a report as guidance for system remediation on GAPs found during previous checking.