PCI DSS: Attestation of Compliance for Telephony Outsourcing Business
A business process and customer experience outsourcing company specialising in providing telephony based product support, ordering and booking services for major recognised client companies from over 25
locations across Europe.
The company integrates their services with client systems many of whom require the company to process payments by payment cards and be compliant with PCI DSS.
Maintaining annual compliance to Payment Card Industry Data Security Standard (PCI DSS) is a contractual requirement for the company with all of their clients for whom they process card payments. Achieving this effectively across all of the various payment systems in use is essential to
maintain operating margins in what is a price competitive market.
The company wanted to have independent assurance that they were able to meet the PCI DSS requirements on an ongoing basis, reduce the scope of their Card Data Environment (CDE) and maintain a consistent approach and process across all client operations to minimise the cost of operation.
How we helped
Starting with an initial review of the company’s operations we supplied
Qualified Security Assessors (QSAs) to assist with reducing the scope of their CDE, establishing a consistent operating model across all client services, and ensuring that these operations complied with PCI DSS.
From this we worked with the company to produce Self Assessment Questionnaires for Service Providers (SAQ-D) for all countries in which they are based and as a QSA company also provided Attestation of Compliance (AOC) reports to independently assure the validity of each
As the company has grown its operations, we have continued to provide ongoing advice of changes to the PCI DSS standard and its impact, have undertaken the production of AOCs for new locations, as well as the annual production of AOCs for existing operations.
We provided the client with PCI DSS knowledge, assisted them in reducing
their PCI scope, considered the PCI DSS implications for new clients, and reduced compliance costs by implementing a common technical architecture and operating processes across all clients.