PCI DSS Compliance

IRM is a Qualified Security Assessor Company (QSAC) and a Qualified Forensics Investigator (QFI) for all payment cards and has specialist consultants with full QSA status available to advise clients on all aspects of their route to PCI DSS compliance as well as conducting formal PCI DSS assessments.

The Payment Card Industry (PCI) Data Security Standard (DSS) is a mandatory requirement on all organisations that process credit card or debit card payments, develop products for payment card transactions and/or store cardholder details. PCI DSS defines the requirements for payment card security, sets out the levels of compliance that organisations will need to meet and the way in which that compliance will be assured.

These requirements are backed up by a series of punitive sanctions for non-compliance.

The PCI DSS requires that organisations handling payment card data:
  • build and maintain a secure network
  • protect cardholder data
  • maintain a vulnerability management program
  • implement strong access control measures
  • regularly monitor and test networks
  • develop and maintain an information security policy

As a specialist consultancy in information security and a Qualified Security Assessor Company, IRM can offer its clients the support they need to make decisions about information security provision for payment card data and about where to concentrate limited resources.

IRM can provide clients with services in the following areas:
  • acting as a specialist advisor on cardholder data protection
  • identifying the cardholder data flows, systems and storage relevant to the organisation
  • identifying non-permitted data and developing ways to eliminate it
  • providing a snapshot view of the client's level of compliance with PCI DSS
  • identifying areas where there is a weakness in PCI compliance
  • defining the tasks and resource requirements necessary for PCI compliance remediation
  • developing a compliance programme agreed with the merchant acquirers
  • complementing the client's compliance programme with specialist technical and business resources
  • completing the annual PCI DSS audit for level 1, 2 and 3 merchants
  • completing the PCI self-certification process for level 4 vendors
  • conducting internal penetration tests
  • conducting penetration tests against externally facing servers
  • conducting application security tests and threat analysis

PCI DSS compliance is a complex and resource-intensive process which requires a considerable amount of specialist information security expertise. IRM, as an independent information security consultancy, has both the expertise and the experience to support clients through the complex process of PCI DSS compliance.