PCI DSS
The Payment Card Industry, primarily the card schemes of Visa and Mastercard, is now taking steps to ensure merchants and service providers become compliant with the Payment Card Industry Data Security Standard (PCI DSS).
Put simply, if you have credit card numbers passing through or stored on your IT systems then you must become compliant with PCI DSS or face financial penalties. If you have a breach of security, resulting in the loss of card numbers, the fines can be devastating, even to a fairly large organisation.
A team led by two Axiom Tech members, Alex Masidlover and Seb James, has recently worked with Nottingham-based Medoc Computers to help them achieve PCI DSS compliance at Level 1 as a Service Provider. Alex and Seb provided a full code review and modification service to ensure that Medoc's web applications are fully compliant with the Open Web Application Security Project (OWASP) guidelines. Alex has also provided services to Medoc to help with securing and administering Linux to match PCI DSS requirements.
Additionally, in light of recent data losses, any organisation storing information on individuals must carefully consider how this is done and ensure that they are 'taking appropriate steps to secure personal data' in compliance with the Data Protection Act. 
Axiom Tech can provide a thorough security review of both internet-facing application source code and network and server infrastructure. If your organisation is not required to undergo an audit, or you require an audit for compliance purposes, we can give extensive technical help in implementing the recommendations of an external auditor.