PCI Compliance & Attestation
In addition to HIPAA, most healthcare organizations must meet the appropriate level of PCI compliance annually. The ability to process patient payments by credit or debit cards is an essential part of revenue cycle management.
The PCI DSS is made up of over 200 requirements and generates hundreds, if not thousands, of mandatory compliance tasks. Scans and pen tests must be conducted accordingly, schedules coordinated, deliverables prepared, and deadlines met.
Gap Analysis & Testing
Regular penetration testing is an essential part of network security and should include all potential threat vectors, including external, internal, cloud, and wireless.
Gap Analysis
Agio’s PCI risk assessment and gap analysis methodology specifically addresses the 12 control areas stipulated in the PCI Standard and fulfills requirements for technical testing as well.
Penetration Testing
As per section 11.3 of PCI-DSS, both internal and external penetration testing must be conducted annually to determine whether credit card data or payment applications can be compromised.
Vulnerability Scanning
Requirement 11 of PCI DSS stipulates that internal and external scanning must be completed by an approved scanning vendor (ASV) quarterly and result in at least one passing scan.
Reporting
After our evaluation, we provide a report identifying compliance gaps and providing prioritized recommendations for remediation. Agio Healthcare can help ensure that your PCI environment is compliant, secure, and reflects industry best practices.
Attestation & Reports
Agio is one of the few cybersecurity companies that provide PCI attestation as well as HIPAA risk assessments. We are uniquely-positioned to facilitate the preparation of PCI Self Attestation Questionnaires (SAQ) or deliver Reports on Compliance (ROC), as well as harmonize your compliance activities and reviews over multiple frameworks.
