PCI DSS
The Payment Card Industry Data Security Standard (“PCI DSS”) is a security standard intended and specific to the Payment Card Data industry. Entities that store, process or transmit cardholder data are required to comply, validate and report their compliance to card associations/brands.
Versos is a Saudi-based Qualified Security Assessor Company (QSAC) and an established leader in the PCI DSS compliance space. We are currently managing the PCI DSS compliance of many of the leading financial institutions in Saudi Arabia.
Versos has developed a comprehensive offering of PCI DSS Services that cover:
- PCI DSS gap assessment, remediation support, and certification
- PCI DSS service provider/merchant compliance
- Remediation services e.g. Approved Scanning Vendor (ASV), PenetrationTesting (PT), Security Information Event Management (SIEM), File Integrity Monitoring (FIM), and Encryption solutions
- Continuous compliance services.
ISO 27001
Defense in-depth is an ever increasing requirement for all organizations in order to improve security. Secure technology implementation and proper Information Security Management System (ISMS) policies and procedures are major building blocks in such defense. Versos offers Information Security services to medium and large organizations with a particular focus on compliance audits as well as business process audits. With a proven track record conducting assessment, development, review and compliance services, we are confident that our ISO/IEC 27001 compliance services will provide organizations with effective and valuable service that will meet their expectations. We follow a Plan-Do- Check-Act (PDCA) model that includes the following ISO27001 services:
- Scoping
- Policies and procedures development, assessment and review
- Security architecture design, assessment and review
- Information Security Management forums development, assessment and review
- Technical Controls and Standards development
- Training and Awareness
- Compliance audit
SWIFT security framework
The Society for Worldwide Interbank Financial Telecommunications (SWIFT) Mandated a security framework under its Customer Security Program (SWIFT CSP) for all of its entities to address the growing needs of security to protect against the increase in the cyber fraud and attacks. The SWIFT CSP program objectives are the detection and prevention of fraudulent activities through a set of security controls. Versos experienced consultants can help Its customer ensure their SWIFT infrastructure comply with SWIFT CSP framework by conducting a gap assessment against the framework, remediate any reported gaps and once all gaps are closed, conduct a final attestation. Versos technology and consulting team can support the customer during remediation phase by Implementing security solutions or conducting security services that will Insure reported gaps are closed based on SWIFT controls.
National Cybersecurity Authority’s Essential Cybersecurity Controls
In 2018, Saudi Arabia National Cybersecurity Authority (NCA) released Its guidelines named Essential Cybersecurity Controls (ECC). The guidelines are applicable on all public and private sector entities that either own, operate, or host critical national infrastructure (CNI) and the guidelines serve as the minimum cybersecurity compliance requirements. Versos experienced consultants can help Its customer to comply will all 114 ECC controls across all ECC domains e.g. Cybersecurity Governance, Cybersecurity Defense…etc. Versos services covers gap assessment, remediation support, and final audit. Versos technology experienced team can also help Implementing security solutions that will Insure reported gaps are closed based on ECC controls.
SAMA’s Cybersecurity Framework
Improving security posture for financial institutions is a strategic priority in-order to protect its internal systems, its own data and most importantly customers data. Given the sensitivity and criticality of the data and the value of the transactions being performed by Saudi financial Institutions, Saudi Central Bank (SAMA) released its own cybersecurity framework in May 2017. The purpose of the framework, Is to helps all of SAMA affiliates (banks, insurance companies, and finance companies ) to measure their current security posture and maturity and remediate any reported cyber security risks and gaps. Complying with the framework is mandatory for all SAMA affiliates in Saudi Arabia. Versos experienced consultants will be able to help Its customer on reaching their target SAMA framework maturity level across all framework domains e.g. Leadership & Governance, Risk Management & Compliance…etc.