San Jose, CA, May 4th, 2009

The Security Consortium™ (TSC) today announced a new service to provide advanced Payment Card Industry Data Security Standard (PCI DSS) compliance assessment audits designed to discover and remediate problems before they turn up in a real audit. The pre-assessment will help an organization identify and learn about existing gaps between its current security posture and the PCI DSS. In addition, it will provide a head start for organizations in remediating identified gaps prior to the arrival of a PCI Qualified Security Assessor (QSA) for an official PCI audit.

“TSC is in a unique position to offer an unbiased pre-assessment service that is focused on achieving critical business objectives instead of driving specific technology implementations,” said Mark Kadrich, CEO of The Security Consortium, a leading third party security testing provider. “As a result of this independence, TSC is able to access a deep well of market intelligence that spans all security technologies and business processes to provide today’s organizations with a clear competitive advantage -- a secure and agile enterprise that can protect customers and still exceed business performance goals.”

The PCI DSS is a multifaceted security standard developed as a collaborative effort among Visa®, MasterCard®, American Express®, Diner’s Club®, Discover®, and JCB USA®, as well as many major merchants. It applies to any organization that stores, processes or transmits cardholder data and extends to all system components.

Although PCI DSS is considered to be a comprehensive credit card information security solution, today’s organizations need to go beyond these requirements to adequately protect against credit card fraud or digital theft. In fact, an all-inclusive security solution needs to extend beyond the technology and reach the company’s IT procedures, hiring practices, physical storage systems, email policies and even facilities management.

Although preventing security breaches and preparing for audits can be costly and time-consuming, the true cost of an oversight can be much greater. In fact, failure to achieve this level of protection can have serious consequences: up to $500,000 per incident, increased fees, restrictions and even removal of processing privileges. Apart from externally imposed penalties, the organization can also face irate customers, possible lawsuits, heavy regulatory oversight, costly repairs to their system, lost goodwill, and lost business.

However, TSC’s new pre-assessment service provides a proactive approach to avoiding these kinds of problems. TSC’s pre-assessment service can build a baseline to ensure that compliance is achieved as efficiently as possible, but can also highlight findings that may be a liability for the company if not handled properly. Performing a pre-assessment builds better compliance life cycle management into the process while keeping the legal liability to the company in check.

TSC’s pre-assessment service includes on-site reviews of IT infrastructure, network design, application architecture and policies that are designed to help organizations streamline and enhance their security compliance efforts. TSC then goes beyond these standard measures to include all facets of the organization’s business processes to provide a true, secure credit card processing environment. TSC will also validate pre-assessment findings and create a remediation plan to address the security gaps. The recommendations are tailored to each specific business to ensure the security policy implements the proper controls based on the unique risks the organization faces. By aligning IT policies, processes and projects with business goals, TSC can help an organization plan, execute and manage their initiatives to provide the right amount of data security across the enterprise while balancing the financial goals of the corporation. The PCI DSS pre-assessment service is available now from TSC.

About The Security Consortium:
Testing, research, counsel and leadership services from The Security Consortium (TSC) provide companies with the ability to balance the need for security with business objectives. By focusing on overall business results instead of narrow test requirements, TSC helps companies improve the processes used to create, purchase, and operate security products.

TSC is a privately held company, founded in 2007 and based in San Jose California.