{"id":43958,"date":"2022-03-04T13:30:48","date_gmt":"2022-03-04T12:30:48","guid":{"rendered":"https:\/\/www.usd.de\/pci-security-services\/pci-dss\/interne-reviews\/"},"modified":"2024-05-24T12:18:13","modified_gmt":"2024-05-24T10:18:13","slug":"internal-reviews","status":"publish","type":"page","link":"https:\/\/www.usd.de\/en\/pci-payment-security\/pci-dss\/internal-reviews\/","title":{"rendered":"Internal Reviews"},"content":{"rendered":"<p>[et_pb_section fb_built=\"1\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"0px||0px||true|false\" locked=\"off\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" width=\"100%\" custom_padding=\"0px||||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" text_text_color=\"#FFFFFF\" text_font_size=\"30px\" text_line_height=\"1.2em\" header_font=\"Roboto||||||||\" header_text_color=\"#F07F1D\" header_font_size=\"50px\" background_image=\"https:\/\/www.usd.de\/wp-content\/uploads\/usd-pci-dss-broschuere-einfuehrung-standard.jpg\" custom_margin=\"-25px||0px||false|false\" custom_padding=\"95px||60px||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h1 style=\"text-align: center;line-height: 120%;font-weight: 400\">Internal PCI DSS Reviews<\/h1>\n<p style=\"text-align: center;line-height: 130%\">Fulfill requirement 12.4.2 of the PCI DSS<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row disabled_on=\"off|off|off\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" 
theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" custom_padding=\"||0px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<p data-pm-slice=\"1 1 []\">Requirement 12.4.2 of the PCI DSS defines the obligation for service providers to conduct internal reviews at least quarterly. The purpose of the requirement is to support service providers in maintaining their PCI DSS compliance and to ensure that their employees adhere to relevant policies and processes. In addition, Internal PCI DSS Reviews are a solid preparation for upcoming PCI DSS audits.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_4,3_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" collapsed=\"off\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image src=\"https:\/\/www.usd.de\/wp-content\/uploads\/Ahmad-Najim-Quraishi-usd.jpg\" title_text=\"Ahmad-Najim-Quraishi-usd\" align=\"center\" _builder_version=\"4.21.0\" _module_preset=\"default\" max_width_tablet=\"30%\" max_width_phone=\"30%\" max_width_last_edited=\"on|tablet\" custom_margin=\"|-6px||||\" custom_padding=\"|0px||||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" custom_padding=\"0px||||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<p style=\"text-align: center\"><strong>Ahmad Najim Quarishi<\/strong><br \/>Managing Consultant<\/p>\n<p>[\/et_pb_text][\/et_pb_column][et_pb_column type=\"3_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" 
theme_builder_area=\"post_content\"]<\/p>\n<blockquote>\n<p>\"We know how challenging it can be to allocate the required resources for the quarterly internal reviews while maintaining the up-to-date expertise that is needed to do so. As an accredited Qualified Security Assessor Company, we are happy to assist you with your internal reviews and enable you to focus on your core business.\"<\/p>\n<\/blockquote>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"0px||0px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" custom_padding=\"9px|||||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h2>How do we conduct an internal PCI DSS review?<\/h2>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_4,3_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image src=\"https:\/\/www.usd.de\/wp-content\/uploads\/\/pci-zertifizierungsprozess-kick-off.svg\" alt=\"PCI Zertifizierungsprozess Kick-off\" title_text=\"pci-zertifizierungsprozess-kick-off\" align=\"center\" _builder_version=\"4.16\" _module_preset=\"default\" background_color=\"RGBA(0,0,0,0)\" width=\"60%\" width_tablet=\"20%\" width_phone=\"30%\" width_last_edited=\"on|tablet\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text 
_builder_version=\"4.21.0\" _module_preset=\"default\" custom_padding=\"||0px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h3><span style=\"color: #000000\">Kick-Off &amp; Preparation<\/span><\/h3>\n<p>The preparation of each review takes place during a kick-off meeting by phone or web conference. We inform you about our procedure for the implementation and coordinate the framework conditions with you.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" background_enable_color=\"off\" width=\"100%\" custom_padding=\"||0px||false|false\" border_radii=\"on|2px|2px|2px|2px\" border_color_all=\"RGBA(255,255,255,0)\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<p><strong>Optional: <\/strong>During the preparation process before the internal review for pre-validation, you will receive a checklist and a \"Collect Script\" from us to support you in providing the required evidence in a complete and structured manner.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_4,3_4\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"13px|||||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_4\" _builder_version=\"4.16\" _module_preset=\"default\" 
global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image src=\"https:\/\/www.usd.de\/wp-content\/uploads\/\/pci-zertifizierungsprozess-vorbereitung.svg\" alt=\"PCI Zertifizierungsprozess Vorbereitung\" title_text=\"pci-zertifizierungsprozess-vorbereitung\" align=\"center\" _builder_version=\"4.16\" _module_preset=\"default\" background_color=\"RGBA(0,0,0,0)\" width=\"60%\" width_tablet=\"20%\" width_phone=\"30%\" width_last_edited=\"on|phone\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h3>Implementation<\/h3>\n<p>The reviews are conducted in the form of on-site workshops or telephone and web conferences by our Qualified Security Assessors. In the process, we check compliance with the following processes:<\/p>\n<ul>\n<li>Conducting daily log reviews and configuration reviews for network security controls<\/li>\n<li>Applying configuration standards to new systems<\/li>\n<li>Responding to security alerts<\/li>\n<li>Adhering to change management processes<\/li>\n<\/ul>\n<p>The validation of the processes takes place through interviews with your responsible employees, document analysis and examination of relevant IT systems.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"RGBA(255,255,255,0)\" custom_padding=\"||||false|false\" border_radii=\"on|2px|2px|2px|2px\" border_color_all=\"#F07F1D\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<p><strong>Optional: <\/strong>Our Qualified Security Assessor helps you assess whether your scope of testing can be expanded to include additional processes that fall within the PCI DSS scope. 
In this case, the assessor will perform these additional audits on your premises.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_4,3_4\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"10px|||||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image src=\"https:\/\/www.usd.de\/wp-content\/uploads\/\/usd-AG-interne-reviews.svg\" alt=\"PCI Zertifizierungsprozess Zertifizierung\" title_text=\"usd-AG-interne-reviews\" align=\"center\" _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"RGBA(0,0,0,0)\" width=\"60%\" width_tablet=\"20%\" width_phone=\"30%\" width_last_edited=\"on|phone\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h3><span style=\"color: #000000\">Remediation<\/span><\/h3>\n<p>We document any deviations from the PCI DSS for you. 
Based on these recommendations, you undertake to remediate the identified vulnerabilities.<\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"RGBA(255,255,255,0)\" custom_padding=\"||||false|false\" border_radii=\"on|2px|2px|2px|2px\" border_color_all=\"#F07F1D\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<p><strong>Optional: <\/strong>You receive a detailed catalog of measures and extensive documentation of all identified deviations in our Audit Connect tool, which is a platform we specifically developed for the management of consulting and certification projects.<\/p>\n<p>Our Qualified Security Assessor is available to answer any questions you may have about the identified deviations and advise you on how to remedy them efficiently.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"1_4,3_4\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"13px|||||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"1_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image src=\"https:\/\/www.usd.de\/wp-content\/uploads\/\/pci-zertifizierungsprozess-siegel-zertifikat.svg\" alt=\"PCI Zertifizierungsprozess Siegel &amp; Zertifikat\" title_text=\"pci-zertifizierungsprozess-siegel-zertifikat\" align=\"center\" _builder_version=\"4.16\" _module_preset=\"default\" background_color=\"RGBA(0,0,0,0)\" width=\"60%\" width_tablet=\"20%\" width_phone=\"30%\" width_last_edited=\"on|phone\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" 
theme_builder_area=\"post_content\"]<\/p>\n<h3><span style=\"color: #000000\">Re-Testing &amp; Reporting<\/span><\/h3>\n<p>If required, we perform re-tests to confirm the effectiveness of any measures you have taken.<\/p>\n<p>For each review, you will receive a final comprehensive report confirming compliance with PCI DSS Requirement 12.4.2. Using this report, you can then efficiently prove compliance with the requirement in the annual PCI DSS audit.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_margin=\"-8px||||false|false\" custom_padding=\"||2px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_divider color=\"#d8d8d8\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_divider][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"||0px|||\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<h2>Your personal PCI Officer<\/h2>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=\"2_5,3_5\" _builder_version=\"4.16\" _module_preset=\"default\" custom_padding=\"27px||45px||false|false\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_column type=\"2_5\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_image 
src=\"https:\/\/www.usd.de\/wp-content\/uploads\/usd-pci-security-services-kachel-beratung.jpeg\" alt=\"PCI Beratung\" title_text=\"usd-pci-security-services-kachel-beratung\" url=\"https:\/\/www.usd.de\/pci-security-services\/beratung\/\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_image][\/et_pb_column][et_pb_column type=\"3_5\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][et_pb_text _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"]<\/p>\n<p><span>Do you need an expert in charge of PCI in your company? As a Qualified Security Assessor Company, we will be happy to supply you with one of our experienced experts as your PCI Officer.<\/span><\/p>\n<p>[\/et_pb_text][et_pb_button button_url=\"https:\/\/www.usd.de\/en\/pci-security-services\/pci-officer\/\" button_text=\"Learn more\" button_alignment=\"left\" _builder_version=\"4.21.0\" _module_preset=\"7d5eca5e-7ccf-4359-a023-e8404a31180a\" global_colors_info=\"{}\" theme_builder_area=\"post_content\"][\/et_pb_button][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Internal PCI DSS Reviews Fulfill requirement 12.4.2 of the PCI DSS. Requirement 12.4.2 of the PCI DSS defines the obligation for service providers to conduct internal reviews at least quarterly. 
The purpose of the requirement is to support service providers in maintaining their PCI DSS compliance and to ensure that their employees adhere to relevant policies [&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":0,"parent":11700,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-43958","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/43958","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/comments?post=43958"}],"version-history":[{"count":5,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/43958\/revisions"}],"predecessor-version":[{"id":49529,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/43958\/revisions\/49529"}],"up":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/pages\/11700"}],"wp:attachment":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media?parent=43958"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}