Privacy and Regulatory Compliance: PCI Assessment for a Life Sciences Company

Challenge

The client, a global life sciences company with an extensive network of facilities, needed a partner to assess its compliance with the Payment Card Industry Data Security Standard (PCI-DSS) and issue a Report on Compliance (ROC). The engagement would determine its level of compliance with the PCI-DSS, other regulatory and industry requirements, and security best practices. Its compliance with the merchant requirements of PCI-DSS is essential to the client’s business success.


Experis Solution

Experis used our proven PCI-DSS Compliance Methodology, which includes discovery, gap analysis, remediation, and reporting, to perform a comprehensive assessment of the client’s cardholder data environment (CDE) and the associated processes and controls used to protect sensitive credit card and payment information.

Our team reviewed and validated the scope of the CDE and performed an initial gap assessment to determine remediation actions needed to achieve compliance. Working with the client, we provided recommendations for closing the gaps through improvements in the deployed policies, processes, and controls. Following the remediation activities, Experis evaluated the corrective actions implemented by the client and confirmed the resulting environment would comply with PCI-DSS and other identified compliance requirements.

Once remediation was completed, Experis performed testing of the CDE against the PCI-DSS compliance requirements and documented any remaining gaps. This process was repeated until all gaps had been addressed. The team then prepared a Report on Compliance in accordance with the requirements established by the Payment Card Industry council and also provided an Attestation of Compliance (AOC).


Results

Experis’ flexibility, knowledge of the PCI-DSS requirements, depth of experience in validating compliance, and integral quality assurance process ensured an efficient delivery. The client was so pleased with our service that it hired Experis to repeat this assessment annually.