Xcina Consulting

With first-hand, deep sector experience and specialised risk advisory and execution expertise we help our customers identify and assess the risk potential and build in resilience.

Our customers can confidently undertake change programmes, embrace innovation and meet strategic objectives.

Resilience and confidence in an uncertain world

Change and risk are inevitable; they are part and parcel of today’s dynamic operating landscape. Evolving technologies, world events and social and political shifts present opportunities and stimulate innovation, but they also mean the environment companies operate in is increasingly volatile and uncertain. New threats to organisations’ ability to deliver on their promises appear every day, both externally and within their own systems, processes and organisation. Organisations that stand still and don’t address the ever-evolving nature of the risks they face, become increasingly vulnerable.


Our promise

Xcina Consulting will advise and support you with services to mitigate and manage risks and enable the highest levels of organisational resilience. Our risk management professionals will help ensure your organisation is best placed to achieve your strategic objectives with expert assistance to navigate an ever-changing operating, regulatory and technological environment.

We will deliver excellent quality, value driven services tailored to your specific needs. We will act with speed and agility to meet your requirements and those of the regulatory context you operate within.

isme|&|conversation podcast... Lindsey Domingo shines a light on Risk Assurance, Information Security & Compliance

In this episode, Ed Palmer and Lindsey discuss where businesses can start when it comes to information security, risk and compliance, and what the basic building blocks are for businesses of all sizes.

As always, you will be treated to the two best pieces of advice Lindsey has ever received, as well as the worst.

Information Security Solutions

Cyber Security

The speed at which organisations identify, control and mitigate cyber security risks has a significant impact on their risk profile. Our consultants have extensive industry experience in assessing the organisation’s current maturity or posture, and developing a bespoke set of activities (or roadmap) to elevate its ability to protect its assets in line with its business objectives. We also partner with clients to define and execute their remediation activities to strengthen their security controls and mitigate cyber security risks.

Strengthening your cyber security posture

According to Hiscox, the international insurance group, small UK businesses are successfully targeted by cyber-attacks every 19 seconds. On average, each attack costs the business around £25,000 just to rectify.

The task of protecting an organisation from a cyber-attack is becoming more complex and, in some cases, more costly, due to the ever-evolving threat landscape and the “smart” technologies we use in our everyday lives.

At the heart of improving an organisation’s cyber security posture are its people. The UK Government’s Department for Digital, Culture, Media and Sport recognises that there is a significant skills gap in adequately trained cyber security professionals. This is the case both internally within organisations and within the private cyber security consulting sector.

Despite the huge costs of cyber-attacks, businesses are still failing to invest in adequate cyber security risk management measures to protect their organisations.

Payment Card Industry Data Security Standard

Organisations handling cardholder information are required by the credit card companies to have robust network security arrangements.

Our information security consultants help ensure a secure payment environment is maintained.

As a Qualified Security Assessor (QSA) company, we help organisations achieve and maintain compliance with PCI DSS by offering bespoke services including scope definition, review of self-assessments, remediation and full formal assessments.

How to achieve and maintain PCI DSS compliance?

Securing your customers’ data has never been as important as it is today. Nefarious actors are always looking for new and more sophisticated ways to obtain customers’ data and, in particular, their payment card information. So, as an organisation, how do you navigate the complex world of PCI DSS compliance to help secure your customers’ payment card information?

Xcina Consulting is a Qualified Security Assessor (QSA) Company.

Whether your organisation fully understands its obligations in terms of being a Merchant or a Service Provider, or is just beginning its journey towards PCI DSS compliance, our team of QSAs can assist.

Should your organisation already understand its PCI obligations and require a Formal Assessment, our QSAs have experience from across a variety of different industry sectors and businesses of all different shapes and sizes.

If your organisation is just starting out, we will assist in the journey to full compliance:

Scoping
Gap Analysis
Remediation

For those organisations with established PCI DSS compliance processes, we can assist in:

Reviewing Self-Assessment Questionnaires (SAQs)
Executing Reports on Compliance (RoC)

Business Continuity and Crisis Management

Minimising disruption to operations from unexpected events requires effective planning and execution. We assist with all aspects of Business Continuity and Crisis Management, from understanding the criticality of a client’s numerous assets to the creation of an appropriate resilience solution.

Our consultants can assist with developing plans, reviewing and testing existing plans, and assessing their alignment with strategy and regulatory requirements.

How do you grow and mature your organisational resilience?

In today’s world, it is not a case of “if” an incident will occur, it’s often “when”. This is due to the ever-evolving and endless list of threats we face, such as fire, flood, cyber-attacks, ransomware, pandemics, war or supply chain disruptions. Accordingly, our defence mechanisms also need to keep up with the threat landscape.

Ensuring that the organisation is resilient is a fundamental principle of mitigating the evolving threats. Business Continuity Management (BCM) and Crisis Management are two key building blocks of this approach. The main purpose is to be able to continue to deliver business operations and services, at an acceptable level, whilst preventing any significant impact on customers, regulatory compliance, the brand, image and reputation of the organisation.

Xcina Consulting works with organisations to improve their Business Continuity Management (BCM) processes and to implement them consistently throughout the business. We also provide Crisis Management Consultancy to enhance the organisation’s ability to respond, should a serious incident occur.

Improving Business Continuity Management and increasing overall resilience

In order for our consultants to design and implement the most appropriate Business Continuity Management strategy and provide the most relevant risk and crisis management solutions for your organisation, we partner with you to thoroughly understand your business operations and objectives.

By understanding our clients’ processes, supporting resources and underlying infrastructure at a detailed level, we are able to identify and address any weaknesses. We can then design and deliver business continuity and crisis management frameworks enabling the business to continue operating when an incident occurs.

As well as designing and preparing the required policies and procedures, our consultants conduct independent reviews and assessments of BCM frameworks. We also support organisations in testing their plans. This can be as “light touch” or as in depth as clients wish. We can also support tabletop exercises or scenarios that require the physical and/or technical enactment of the Business Continuity or Crisis Management plans.

Information Governance

Managing and protecting your organisation’s most critical assets.

Time for a fresh approach

Where do you start when trying to protect your organisation’s information and customer information, with which you are entrusted?

In today’s digitally connected world (internet of things, big data, digital only services and operations) where huge amounts of data are generated by organisations and more and more operations are online, organisations, governments, regulators, law enforcement agencies and customers have become increasingly concerned about how to leverage and protect their most valuable asset – information.

Because an organisation’s information is one of its most valuable assets, and one of its most vulnerable, organisations need to take a different approach to information governance.

Despite the huge costs of breaches and incidents, organisations still struggle to meet their information governance objectives including realising strategic insights, increasing customer satisfaction, and reducing compliance risks, operational costs, and regulatory fines.

Organisations now more than ever need to ensure that they have robust information governance arrangements to protect their corporate information and personal data. Failure to implement robust information governance frameworks will result in significant reputational, financial, and legal consequences for firms.

Design and Implementation of robust Information Governance Frameworks

With a multitude of information governance frameworks out there, including ISO27001, GDPR, NIST, COBIT, etc., it is difficult for organisations to design and implement an information governance framework that is suitable for their own needs. Our information governance experts work with you to:

• Develop an inventory of the organisation’s information assets and assess their criticality to its operations, regulatory requirements and other stakeholder expectations.

• Design an appropriate Information Governance Framework suited to the needs of the organisation, including an assessment of its key risks, leveraging the various best practice frameworks.

• Implement the information governance framework in partnership with you and assist with embedding it in the organisation.

• Review the effectiveness of any existing frameworks and develop pragmatic remediation roadmaps enabling the organisation to operate within its information governance risk appetite, and in compliance with relevant frameworks.

The ISO27001 Information Security Management standard is an industry recognised best practice Information Governance Framework. Our consultants hold either ISO27001 Lead Auditor or Lead Implementor certification, and are therefore ideally suited to help adapt this Information Governance Framework to your business.

Our Information Governance Consultants will also carry out independent audits of an existing Information Governance Framework to assess compliance with relevant frameworks.

Securing the organisation’s most valuable information assets

The selection and implementation of a recognised Information Governance Framework will help your business realise the following benefits:

• Increased customer assurance in the way your business handles its information

• Increased internal information management maturity leading to operational efficiencies

• Increased levels of compliance with information security legislation and regulations including data protection

• Reduction in the organisation’s information security risk

• Reduction in the organisation’s overall business risk

• Considerable cost efficiencies through implementation of organisation wide and standard operational processes relating to information management

• Increased tender success potential (as new tenders often include the requirement to align to, or be certified with, recognised Information Governance Frameworks)

• Greater confidence by customers in the organisation’s management of its information assets arising from the independent review or audit.

How Xcina Consulting can help your business

Clients will benefit from the extensive knowledge and experience of Xcina’s Information Governance Consultants, who hold certifications that span multiple disciplines, such as:

Certified Information Systems Security Professional (CISSP)

Certified Information Systems Auditor (CISA)

Certified Information Security Manager (CISM)

ISO27001 Lead Auditor

ISO27001 Lead Implementor

Our information governance consultants are dialled into the latest developments in information security, coming as they do from a military intelligence background.

By employing Information Governance Consultants with certified knowledge and experience in multiple disciplines, our consultants are able to provide the advice and guidance that most appropriately suits your business and its culture.

We partner with organisations to take them on their journey, from initial design and implementation through to reviewing and upgrading existing frameworks. We also provide training so that internal teams are able to maintain the information governance frameworks independently going forward.

Data Protection

Data protection practices are often not adequately embedded and maintained following their initial implementation to meet the 2018 GDPR deadline. Regulators are increasingly issuing enforcement actions and fines.

We help organisations assess their compliance against the Information Commissioner’s Office’s expectations and deliver a remediation plan to achieve a defensible position.

The Data Protection challenge

Many organisations undertook significant projects to prepare for the General Data Protection Regulation (GDPR) deadline of May 2018. However, since then, many have failed to embed data protection into business-as-usual activities.

Data protection frameworks have struggled to keep up with internal and external changes. Some organisations do not have specialist in-house resources fully dedicated to data protection; this is where GDPR consultants can help.

The regulators’ expectations are being further clarified on an ongoing basis through additional guidance, enforcement and court cases. Recently, there has been an increasing trend for regulators to issue enforcement actions and fines in cases involving non-compliance.

Our data protection specialists help organisations assess their compliance against the Information Commissioner’s Office’s (ICO) expectations and deliver a remediation plan to achieve a defensible position. We also offer a Virtual Data Protection Officer (vDPO) service to provide technical support and advice as required by clients who may not have the required in-house expertise.

AirTags might be useful, but are they a threat to privacy?

Jackie Barlow, Data Protection Senior Consultant at Xcina Consulting, discusses how AirTags might…

What is your personal data worth?

What do you believe your own data is worth to an organisation? Is it more valuable to you than to…

How are you building trust with your consumers when processing their data?

A real concern for customers is the use of Artificial Intelligence (AI), and many have lost trust…

Cyber laws to be updated: How will it strengthen the UK’s resilience?

We are seeing emerging developments in UK Cybersecurity regulations in an attempt to increase the…

What our clients say

Xcina supported a UK authorised and registered wholesale bank offering a range of products and services in corporate and correspondent banking. We worked with the CEO, Head of Operations and Head of IT to establish the bank’s objectives, goals and risk appetite in relation to information and cyber risk, and to develop and improve management reporting and performance indicators to support compliance with legal and regulatory requirements and standards.

UK Authorised and Registered Wholesale Bank

"Lindsey and his team provided pragmatic approaches to help our company to be compliant with our evolution of GDPR offering to our Clients and move us to the next phase of our privacy maturity journey. Their knowledge of the subject area and other domains is amazing. Definitely would work with them in the future."

Peter Kovacs
Information Security Specialist, Nudge