Compliance Services
VSR provides services to assist clients with all of their compliance needs, including PCI, GLBA, HIPAA and Sarbanes-Oxley.
As part of VSR's compliance services, we work with organizations to perform a gap analysis against regulatory requirements and industry best practices. We not only identify gaps against current regulations but also provide recommendations based on industry-specific best practices to ensure compliance as regulations evolve.
PCI Readiness
During the readiness review VSR helps clients prepare for upcoming PCI audits by evaluating their current environment, applications, policies, procedures and security controls against the PCI Data Security Standards (DSS). VSR performs an in-depth gap analysis allowing clients to better understand deficiencies prior to the PCI audit. Upon completion of the readiness review VSR's consultants provide a detailed roadmap identifying both tactical and strategic remediation approaches to achieve compliance with the standards.
PCI Requirements
In addition to PCI readiness assessments, VSR offers the following services, allowing clients to meet objectives defined by the PCI Data Security Standards (DSS):
- PCI DSS 6.3 - "Develop software applications in accordance with PCI DSS and based on industry best practices, and incorporate information security throughout the software development life cycle" - VSR offers application security training and SDLC consulting, allowing clients to develop and maintain secure applications throughout the SDLC.
- PCI DSS 6.3.7 - "Review of custom code prior to release to production or customers in order to identify any potential coding vulnerabilities" - VSR performs application security code reviews, allowing customers to meet this PCI DSS requirement.
- PCI DSS 6.5 - "Develop all web applications based on secure coding guidelines such as the Open Web Application Security Guide." - VSR offers application security training and SDLC consulting, allowing clients to develop and maintain secure applications throughout the SDLC.
- PCI DSS 6.6 - "For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by reviewing via manual or automated security assessment tools or methods, at least annually and after any changes." - VSR performs application penetration assessments to simulate real-world attacks against applications, allowing organizations to meet both PCI DSS 6.6 and 11.3.
- PCI DSS 11.3 - "Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification. These penetration tests must include both network and application-layer tests" - VSR performs both application and network penetration assessments to simulate real-world attacks against applications, systems and infrastructure, allowing organizations to meet both PCI DSS 6.6 and 11.3 criteria.
PCI Remediation
When assisting with PCI remediation efforts, VSR works with clients to understand the requirements of the PCI DSS and how to implement effective security policies, procedures and controls to address existing gaps. VSR has assisted clients in developing and engineering solutions that address both technical and process/policy gaps.