PCI DSS certification in cooperation with a qualified auditor ( QSA )
Alfatec Group in collaboration with qualified security auditor ( QSA ) is able to provide special consulting services in all areas related to PCI standard which, among others, includes:
analysis and review of the solutions regarding PCI DSS requirements with recommendations for adjustments or additions to these solutions in order to meet the requirements
training and workshops related to PCI DSS requirements
bank / trader / processor certification according to PCI DSS standard
IT systems vulnerability check and ISO standards compliance
In the wake of growth of IT systems malicious exploitation threat and increasing demand for high quality and world- renowned solution to prevent failure of IT systems , the Qualys company in year 2000 has developed QualysGuard solution with the main focus on of IT systems vulnerability management ( Vulnerability Module -VM ) , later expanded with the company security policy compliance toolsand compliance audit with the requirements of various standards such as ISO, EMV, PCI DSS,… ( Policy Compliance Module -PC , PCI DSS Module – PCI ). As alLastest addition developed by Qualys is a web applications scanning module ( Web Application Service – WAS) .
Among other things, QualysGuard maintains the most comprehensive, always updated database listing all vulnerabilities related to specific IT platforms (MS , Linux , AIX, … ), network equipment ( Cisco, Juniper … ) , and ways to prevent these vulnerabilities. It also provides periodic reporting to IT manager and technical reports with proven ways of problem solving made for technical personnel.
The solution mentioned above is used by most audit firms for the certification purposes , as well as, a considerable number of world renowned companies from various business areas in order to preserve the achieved level of IT security environment and compliance verification to specific standards.
Electronic document validation testing
Electronic identification documents must meet all the requirements laid down in the relevant ICAO, ISO, CEN, BSI and safety specifications, as well as, national and EU regulations. In order to verify compliance with the specifications in time effective manner, without compromising the scope of testing, highly automated testing tools of eID documents are required.
Collis test tools for electronic identification documents are intended to carry out the final inspection and quality assurance of documents during the personalization and issuance. They are based on Collis Conclusion ® testing platform and document personalization check with ‘ Logical Data Structure ‘ tests specified by the ICAO and the EU (EAC ).
Cryptographic equipment maintenance
In accordance with EMV and PCI DSS regulations and recommendations, as well as the manufacturer’s instructions, we carry out regular cryptographic equipment maintenance. Maintenance includes a visual check and crypto equipment functionalities verification. Visual inspection includes checking the device location, as well as stamp and seal on the devices which are preventing unnoticed opening of the device, licenses check and inspection and maintenance of optimum software version installed for the user. Functionality check of crypto-security equipment includes checking the functionalities of the peripheral ports, a card reader, built- in device monitoring mechanism records, as well as, crypto equipment compliance check in the user’s environment with security procedures and recommendations.Top