PCI DSS Compliance

Optimized management and automation of PCI DSS so you can focus on what's important

Discover our software for PCI DSS

PCI-DSS Compliance GlobalSUITE software®: Manage and monitor your PCI-DSS compliance and alignment centrally and automated. Performs GAP Analysis against the PCI-DSS standard, immediately develops adequacy plans, centralizes the list of existing controls, and manages compliance with PCI-DSS requirements, among other activities. The product is continuously updated to the latest versions of PCI-DSS that are released.

Your team will be able to focus on having threats and risks under control

Ensure that the company’s assets and information maintain its integrity, availability and confidentiality

Establish and operate traceability, monitoring and continuous improvement processes

Ensuring compliance with all PCI DSS regulations within the organization

Request a demo

Features

GAP Analysis

It allows the conduct of differential analyses on PCI regulations, definition of maturity levels for each requirement, visualization of the result through different graphs, comparison of the results of different analyses and the export of the information for reporting.

Compliance plans

It enables the development of the adequacy plan for each differential analysis, the automatic identification of the requirements that are not met, the definition of actions for each unfulfilled requirement and its follow-up.

Evidence management

The platform manages the evidence handled centrally, provides a detailed record of electronic and physical evidence, association with the document manager for electronic evidence and each evidence with the corresponding controls.

Control management

It enables centralized management of controls, association of controls with PCI requirements, evaluation of control effectiveness and configuration of methodologies, publication of control surveys. Association of controls with risks and calculation of residual risk from the effectiveness of the controls.

Risk analysis and management

It has asset inventory and components, dependencies between assets, components and processes, as well as identification, analysis and risk assessment. The definition of risk management plans, the configuration of methodologies for the calculation of risks. GlobalSUITE® comes with predefined risk catalogs and controls. It allows the publication of asset and risk surveys and the management of historical analysis and risk management.

Compliance management

The tool allows the management of compliance with PCI regulations, defining the maturity status of each requirement showing graphs of them. It also allows the association of documents (policies, procedures and records) related to each requirement, and the controls related to them, and the management of historical for the same catalog of requirements.

Integration with Power BI

It exploits GlobalSUITE data to the maximum® by making an executive dashboard in a Business Intelligence tool such as PowerBI

Publishing compliance surveys

The software enables the design of surveys with questions for each requirement, the sending of surveys via email and the consolidation of all the answers in a single catalog.

Balanced Scorecard

The comprehensive dashboard enables the management and strategic control of the organization through different metrics and indicators.

Contact one of our experts now!

Get started

The solution at a glance

Thanks to GlobalSUITE’s integrated approach®, the solution’s foundation can be leveraged to grow with the different modules and tools that make up the platform, thereby taking advantage of synergies and corresponding cost and time savings. The platform can be licensed in an integrated form or separately from each of its products.

Product sheet

Request a demo

Managing controls and evidence

Thanks to GlobalSUITE®, one of the fundamental parts to achieve PCI compliance, can be done in a distributed and collaborative way among the different managers of the areas involved.

Continuous assessment of compliance status

It allows to centrally manage the controls established together with their evidence, with traceability to each PCI requirement, as well as the implementation of several requirements that the standard establishes, such as component inventory, risk management, incident management or management of audit findings.

World-class companies and organizations already trust us

What is PCI DSS and what does it bring to your company?

PCI DSS (Payment Card Industry Data Security Standard) is a security standard that consists of requirements necessary to protect sensitive credit and debit card information. It is mandatory for all companies that accept, process or transmit credit or debit card data to maintain a safe environment. Companies that process, store, or transmit card data must meet the standard or risk losing their permissions to process credit and debit cards There are twelve requirements or requirements that PCI SSC proposes as a requirement to follow:

Requirement 1: Firewall settings to protect card owners’ data.
Requirement 2:Do not use system passwords and other default security settings provided by vendors. Protect Card Owners Data.
Requirement 3:Protect stored data from card owners.
Requirement 4:Encrypt card owners’ data and sensitive information transmitted over open public networks. Maintain a Vulnerability Management Program.
Requirement 5:Use and regularly update antivirus software.
Requirement 6: Develop and maintain secure systems and applications. Implement robust access control measures.
Requirement 7:Restrict access to data based on the official’s need to know the information.
Requirement 8: Assign a unique ID to each person who has access to a computer.
Requirement 9: Restrict physical access to card owners’ data. Regularly monitor and test networks.
Requirement 10:Track and monitor all access to network resources and card owners’ data.
Requirement 11:Regularly test security systems and processes. Maintain an Information Security Policy.
Requirement 12:Maintain a policy that contemplates information security.

Let’s start a new project together

Learn more

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_dc_gtm_UA-965325-8	1 minute	No description
afl_wc_utm_cookie_expiry	3 months	No description available.
afl_wc_utm_sess_landing	3 months	No description available.
afl_wc_utm_sess_visit	3 months	No description available.
AnalyticsSyncHistory	1 month	No description
bridge_sid_Xy0yMDM3OTQ4Nzkz	2 hours	No description
bridge_uid_Xy0yMDM3OTQ4Nzkz	1 year	No description
li_gc	2 years	No description
oribi_cookie_test	session	No description
oribi_session	2 hours	No description available.
oribi_user_guid	1 year	No description available.
prism_224354013	1 month	No description
TS01ad8345	session	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	These cookies are set via embedded youtube-videos.
yt.innertube::requests	never	These cookies are set via embedded youtube-videos.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_XWPV7VHQKR	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
CONSENT	16 years 3 months 17 days 8 hours 11 minutes	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.