Our holistic, 12-month programmatic approach to maintaining PCI compliance is rooted in proactive collaboration and CISO-style guidance, with a long-term view towards strengthening your security posture.
We live in an opportunistic reality, with 72% of attackers simply going after the easiest targets. The stronger your defenses, the more likely you are to deter the bad guys. As a trusted PCI Qualified Security Assessor (QSA) for nearly a decade, our program is tailored to address PCI compliance for merchants and service providers alike.
Security Risk Assessment
We determine the likelihood of a cyber attack by reviewing the maturity of your information security from a technical, procedural and policy standpoint.
Social Engineering Testing
To mitigate internal risks, we evaluate your office space and your team’s response to USB drive baiting, phishing and pretexting.
SAQ or ROC Assessment
As a QSA, we assist with the interpretation and response for each requirement and sub-requirement of the Self-Assessment Questionnaire (SAQ), and can perform a formal Report on Compliance (RoC) if one is required.
Agio monitors your firm’s domain names and public DNS services for unusual activity that may indicate cyber fraud.
Program Management & Portal
Your Project Manager and virtual QSA sit down with you on a monthly basis to review progress, leveraging a web-based software as a service (SaaS) portal, which you have full access to, providing a central location for tracking and reporting.
PCI Penetration Testing
We know how hackers think, and we leverage the attacker’s mindset to test and breach your systems both on-site and remotely, successfully identifying weaknesses.
Incident Response Testing
Once a year, we execute tabletop exercises, conduct follow-up meetings with your management, and lead a whiteboarding session to evaluate your incident response.
Policy Review Development
Agio helps you write and review your initial security policies, as well as advising on future updates based on changing PCI compliance requirements, external threats and industry trends.
Security Awareness Training
Agio teaches your end users how to recognize and evade a cyber attack by leveraging your organization’s specific results from our social engineering testing to then tailor a unique annual educational seminar.
Generally we see companies exert a high level of effort and focus on activities for a specific period of time in order to maintain compliance. Unfortunately, this burst of focus is extremely disruptive, taxing internal resources and derailing project work. Instead, we take those activities and spread them over the course of our 12-month program to make compliance digestible and manageable – not to mention affordable, amortizing your PCI spend throughout the year.