Background

PCI DSS Controls

PCI DSS is a standard that was created by the Security Standards Council over eleven years ago to protect cardholder data. It applies to any business that stores, processes or transmits cardholder data. The environment in which that data is handled is known as the Cardholder Data Environment (CDE), and PCI DSS applies a strict set of requirements to the People, Processes and Technologies that operate within it. Each requirement set out within the standard requires regular audit and assessment as part of the compliance regime.

The Bunker has created a cost-effective service suite that reduces the overheads of managing compliance, enabling customers to focus on evolving their business whilst meeting the standard.

Is it right for me?

Whether you are a merchant, payment processor, payment gateway or ecommerce provider, you will need to ensure you are meeting the standard. As cardholder data has now been classified as personal data, failing to meet the standard can now result in large fines and in greater reputational damage due to breach notification under the EU regulation.

We can help you architect a solution that is right for your business and complies with the requirements outlined in the Standard.

PCI DSS forms part of The Bunker’s certification suite. Anyone who stores, processes or transmits cardholder data MUST comply with the Payment Card Industry Data Security Standard.

Why choose The Bunker?

The Bunker’s expertise in this field means we have tailored solutions to meet any PCI DSS requirement. We also have group functions that can cover the full end-to-end service, including consultancy, build, test and deploy, penetration testing, ASV scanning, and SOC and SIEM services.

As a Managed Services Hosting Provider we maintain a strict regime and are tested each year against all of the twelve requirements by an independent QSA. This ensures we are able to advise businesses on how to meet the various challenges presented by changes to the standard.

How we helped International Payment Gateway

How PCI DSS Controls works

When embarking on a strict framework such as PCI DSS, The Bunker understands the importance of working closely with you as the customer, and becoming an extension of your team.

We will qualify the level of compliance you need to meet and which of your services are in scope. Based on our discovery, we will design a solution with a service suite that ensures you meet the standard. Wherever possible, we also endeavour to de-scope services that do not need to comply, minimising your overheads and ensuring that the process of maintaining compliance remains simple.

Depending on what you want to achieve, we can simply build an environment aligned to PCI DSS, or we can handle the full end-to-end process to ensure that you gain your PCI DSS certification.

Our Accreditations

  • ISO 27001
  • First
  • G-Cloud Accredited
  • ITIL Service Management
  • Microsoft Gold Partner
  • NHS IGSoC Approved
  • PCI DSS
  • PRINCE2
  • RIPE NCC Member
  • Tech UK
  • Veeam Gold Cloud & Service Provider Partner
  • PCI Participating Organization
  • Dell EMC Gold Partner
  • Cyber Essentials Plus
  • AWS Select Consulting Partner