PA-DSS Compliance

The Payment Application Data Security Standard (PA-DSS) was created in conjunction with the Payment Card Industry Data Security Standard (PCI-DSS) to ensure that credit card information is securely stored, processed and transmitted at all times within an organization's environment. PA-DSS will soon be a requirement for all payment applications.

SPIguard can perform an in-depth review of your payment application, its development processes and the operational environment to certify PA-DSS compliance. Our experienced QSAs will help you identify weaknesses and recommend solutions so that your payment application meets the requirements.

The SPIguard Way

SPIguard takes a four-step approach to PA-DSS compliance:

Step 1: Document Review

  • Gather existing documentation such as the Implementation Guide, architecture diagrams, policies and procedures
  • Review the Implementation Guide to ensure it meets the PA-DSS requirements

Step 2: Application Testing

  • Set up a test environment and install the application according to the Implementation Guide
  • Verify application configurations and settings
  • Test the application against the PA-DSS requirements
  • Perform forensic testing of the test environment

Step 3: Verify Procedures

  • Examine artifacts and evidence
  • Verify that development, testing and deployment procedures meet the PA-DSS requirements

Step 4: Certification

  • Prepare the Report of Validation (RoV) and associated documentation
  • Submit the RoV and associated documentation to the appropriate entities

The SPIguard Advantage

  • Our Qualified Security Assessors understand that the compliance requirements can be difficult to meet if you are not prepared. We can provide guidance on the documentation and processes that must be in place.
  • The PA-DSS requirements specify particular content that must appear in the Implementation Guide for a payment application. We will provide guidance on the IG and its contents.
  • Our experienced QSAs can help you identify gaps in your policies and procedures and suggest effective solutions that will help you meet the requirements.
  • We focus on the intent of each requirement rather than treating it as a box to tick. This helps keep you secure in the long run.
  • Our proprietary document management system provides a central online repository for all materials related to the certification and makes re-certification and change notifications straightforward.