Compliance

PCI Compliance:

We provide payment card industry compliance services to organizations that store, process, and/or transmit payment card data. Our services provide organizations the tools they need to efficiently manage payment card data risks and drive on-going compliance.

Quarterly Vulnerability Scans / Annual Penetration Testing

As a PCI Approved Scanning Vendor (ASV), Continuum can validate a merchant or service provider’s adherence to the PCI Data Security Standard by performing vulnerability scans of their external-facing environments. The PCI DSS requires the on-going testing of systems and processes that support your payment card environment, and Continuum is qualified to conduct the required annual penetration tests as identified by the PCI DSS. Benefits include:

• certified and industry-tested professionals
• business process-centric approach to risk identification

Annual Onsite Assessment

As a Payment Card Industry Qualified Security Assessor (PCI QSA), Continuum works directly with merchants and service providers to achieve and maintain compliance with the requirements and sub-requirements of the PCI Data Security Standard (DSS). Benefits include:

• comprehensive assessment and audit methodology
• compliance reporting and explanation
• assessment report with practical mitigation strategies
• subject matter experts with industry experience and practical application of the PCI DSS

Self Assessment Assistance

As a PCI Qualified Security Assessor (QSA), Continuum not only guides organizations through the process of PCI self assessment, but also provides experienced insight into the PCI DSS requirements.

PCI Readiness Assessment

As a regulatory compliance and information security organization, Continuum has an extensive knowledge of information systems and compliance regulations that impact organizations.  Continuum helps organizations prepare for a PCI assessment by determining if controls and configurations are in place to promote PCI DSS compliance. Benefits include:

• identify and prioritize PCI compliance initiatives
• identify risks that are important to your business
• develop strategies for continuous compliance and monitoring

 

HIPAA and HITECH:

The first and most important item to address is the fact that the only true “HIPAA Audit” is one conducted at the request of the Department of Health and Human Services.  Continuum is not an approved auditor for these requests.

Once this base understanding is agreed upon between all parties, Continuum is highly qualified to conduct gap analysis assessments between HIPAA and the HITECH Act.  With HITECH extending HIPAA and not replacing or superseding it, we often suggest a combination of the following approaches for addressing HIPAA and HITECH:

• NIST 800-66 assessments as an approach to controls in place.  This approach is especially useful for firms dealing with CMS or Federal Government contracts.
• Continuum has also created workflows that map ISO27002 to HIPAA to PCI v2.0.  This approach is often adopted by organizations trying to blend HIPAA “compliance” into other regulatory issues they are facing.