INS Approved to Perform PCI Audits in Europe

SANTA CLARA, Calif.--(BUSINESS WIRE)--INS, a leading global provider of business-driven information technology consulting and software solutions, announced today that it has been approved by the PCI (Payment Card Industry) Security Standards Council as a Qualified Security Assessor Company (QSAC) for Europe. INS is currently a QSAC for the U.S, as well as an Approved Scanning Vendor (ASV) worldwide. In addition, INS has set up an independent auditing division to ensure PCI clients will receive the highest attention when meeting data encryption, access control, auditing and host integrity requirements specified in the PCI Data Security Standard (DSS).

“By adding the QSAC designation in Europe, INS has extended its ability to help our clients effectively mitigate risk and achieve compliance to PCI security standards”

According to Gartner, Inc., "Contrary to the wishful thinking of many card-accepting organizations, the PCI standard won't go away. It will only pick up steam as more breaches occur and as counterfeit card fraud continues to escalate. In fact, PCI application security requirements were recently strengthened, and Gartner believes that during the next five years, PCI requirements will continue to be tightened." (Answers to Questions About PCI Compliance, Avivah Litan and John Pescatore, December 7, 2006)

“By adding the QSAC designation in Europe, INS has extended its ability to help our clients effectively mitigate risk and achieve compliance to PCI security standards,” stated INS CISO and Managing Vice President Jim Tiller. “But we’ve taken this one step further by establishing an independent auditing division staffed with highly qualified security consultants who are focused solely on the PCI. This focus ensures that our clients will be able to achieve the highest level of security protection against data theft and fraud.”

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It was agreed upon by the payment card industry (Visa USA, MasterCard International, Amex and Discover) and imposes security requirements for merchants, service providers and banks that handle payment card information. The standard also requires on-site audits, self-administered audits and network scanning by merchants and service providers based on the volume of transactions each facilitates. As a QSAC and ASV, INS is authorized to help merchants comply with these mandatory validation requirements (e.g., on-site audit, quarterly perimeter scanning) as well as conduct pre-audit assessments and remediation.

The PCI DSS encompasses the standards of Visa’s Cardholder Information Security Program (CISP) and MasterCard’s Site Data Protection (SDP) Program. Because the quality of validation assessments can have a tremendous impact on the consistent and proper application of security measures and controls, the Council's QSAC qualification requirements are exacting and detailed, involving both the security companies and their individual employees. INS’ security practice, which was formed in 1994, boasts more than 140 practitioners, and recently received the highest rating ever attained on the NSA INFOSEC Assurance Capability Maturity Model (IA-CMM). A complete description of INS PCI compliance services can be found at http://www.ins.com/solutions/technical/default.aspx?id=1989.

On February 21^st, INS is conducting a free webinar entitled Payment Card Industry Data Security Standard: Getting to Compliance at 11 am EST. Registration for the webinar is available at www.ins.com.

About INS

INS is a leading global provider of business-driven information technology consulting and software solutions. For more than a decade, we’ve been helping organizations effectively use technology to achieve strategic business goals. Our unique solution portfolio enables our customers to reduce costs, increase flexibility, strengthen security, ensure compliance and improve efficiency.

We apply our structured methodologies, strategic alliances and diverse industry experience to deliver in-depth analyses and implement custom solutions aimed at driving business growth. Our consultants hold over 1,100 certifications in 96 categories and our KnowledgeNet database gives them access to over 15 years worth of intellectual property, solutions and proven techniques in an easily-searchable format. Our customers include global enterprises and service providers in all major industries, including telecommunications, financial services, retail, pharmaceutical/healthcare, manufacturing, government and travel and transportation.

For additional information, please visit www.ins.com or contact INS at 1-888-767-2788 in the U.S., 1-905-946-1500 in Canada, 44 (0) 1628 503000 in Europe, 65 6549 7188 Asia, or 1-408-330-2700 worldwide.

INS is a trademark of International Network Services Inc. All other products or services mentioned are the trademark, service marks, registered trademarks or registered service marks of their respective owners.