Reports according to various industry standards are available in Trust Guard’s dashboard. These include PCI DSS, GDPR, ISO27001, OWASP, HIPAA, SOx and NIS2. This allows you to see at a glance whether you meet the requirements your industry places on you.
Before 2004, all card issuers had their own standard to ensure that merchants achieved a minimum level of security when storing, processing and transmitting cardholder data. It was difficult for merchants who used multiple cards from different card issuers to comply with the different standards.
The major credit card organizations made a concerted effort, resulting in the release of version 1.0 of PCI DSS (Payment Card Industry Data Security Standard) in December 2004. MasterCard, American Express, Visa, JCB International and Discover Financial Services established the PCI SSC (Payment Card Industry Security Standards Council) in September 2006 as the administrative and governing body that promotes the development of PCI DSS. Independent and private organizations can participate in PCI development after proper registration.
The PCI DSS standard was developed to increase control over cardholder data and reduce credit card fraud. PCI DSS is monitored and implemented worldwide. The latest version of PCI DSS is 3.2.1 and was released in May 2018. The PCI Data Security Standard specifies 12 requirements for compliance. These are organized into six logically related groups called “control objectives.”
The six groups are:
1. Build and maintain a secure network and secure systems
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Monitor and test networks regularly
6. Provide information security policies
Vulnerability management is the cyclical working method to identify, classify, prioritize, correct and mitigate software vulnerabilities. Vulnerability management is an integral part of computer security and network security. Vulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system and looks for known vulnerabilities, such as open ports, insecure software configurations and susceptibility to malware infections.
In the event of a security breach, a compromised company that was not PCI DSS compliant at the time of the breach will face additional penalties, such as fines. Note that enforcement of and compliance with the PCI DSS, and the determination of fines, are handled by the individual card issuers, not the Council. Questions in this area should be directed to the card issuers.
Trust Guard’s vulnerability scan is performed by a PCI Security Standards Council-approved scanning company and, together with the self-assessment questionnaire (SAQ), serves as proof of PCI compliance for merchant levels 2, 3 and 4.
The GDPR went into effect in May 2016 and companies have been given until May 25, 2018, to bring their business operations into compliance with the GDPR. The General Data Protection Regulation (GDPR) affects all companies in Europe that store personal data. This legislation regulates how companies should handle personal data, technically and organizationally.
When a company fails to comply with GDPR rules, the maximum fine can be 20 million euros or 4% of annual global turnover, whichever is higher.
On the technical side, Trust Guard can provide assistance with the GDPR. With our scan, we test at many points whether your website and/or network is secure. From this, you can create a PDF report as proof that you are doing everything possible to comply with the GDPR.
The origin of ISO27001 certification lies in the English “Code of Practice for Information Security Management.” This refers to a special management system for information security and specifies how you can demonstrably control security risks.
The ISO27001 standard includes several aspects related to information security, including system and software development and maintenance (documentation, processes). The standard states that you define a scope and policy, perform a risk analysis, select measures for identified risks, and implement and manage them.
Achieving and maintaining ISO27001 certification is an ongoing process. With the ISO27001 certification, you are “in control” as far as your security risks are concerned.
When identifying the risks you face with your network, the Trust Guard security scan can help you. We scan your network and inform you about the risks you are running and possible solutions. You can also create a report that provides insight into the risks according to this standard.
The Open Web Application Security Project, or OWASP, is an international nonprofit organization focused on Web application security. Their mission is to make software security transparent so that individuals and organizations can make informed decisions regarding their security. The best-known OWASP project is the OWASP Top 10.
The OWASP Top 10 is a regularly updated report on Web application security that focuses on the ten most critical risk categories. The report is compiled by a team of security experts from around the world. OWASP refers to the Top 10 as an “awareness document,” and recommends that all companies incorporate the report into their processes to minimize and/or mitigate security risks.
Trust Guard’s security scan tests for many vulnerability classes, including the ten risk categories defined by the OWASP Top 10, and can generate a report of the scan findings organized according to those categories.
The Health Insurance Portability and Accountability Act (HIPAA for short) is 1996 U.S. legislation for the health care industry. HIPAA is best known in Europe for the privacy protections it expressly provides for the healthcare industry.
This Act describes a number of standard protocols for data transmission. The “Security Rule” describes standards regarding information security, proposing procedural, technical and physical security measures.
HIPAA regulations have shaped developments around privacy protection. The development of technical security measures in particular was triggered by HIPAA; without it, awareness of the need for adequate privacy protection would presumably have developed considerably more slowly.
With respect to checking the security of your network, the Trust Guard security scan can help by identifying vulnerabilities and providing solutions. Also, the HIPAA report can provide support to demonstrate that everything has been done to secure the data.
The SOx standard was derived from the bills proposed by Senator Paul Sarbanes and Representative Michael Oxley. Initially there was little support for the proposals, but because of the many scandals in 2002 (Enron, WorldCom, AOL, etc.) they were passed in modified form. The purpose of the law is to prevent fraud. Unfortunately, the human factor remains too decisive to prevent fraud completely.
A special feature of the legislation is the threat of prison sentences and fines for management if they fail to comply with corporate governance requirements. Non-U.S. companies must also comply with SOx legislation if they are listed on a U.S. stock exchange.
The Sarbanes-Oxley Act (SOx) is primarily aimed at large companies that develop and use their own software. Previously, these companies also did internal controls, but the SOx legislation formalizes this to a great extent. A special place in it all is occupied by IT. If the software written by the company produces the figures from which the auditors get their data, then the auditors will certainly question the creation of this software. In many cases, the company will have to demonstrate that the software was managed properly.
Here, Trust Guard can contribute by providing a report that provides insight regarding IT vulnerabilities (internal and external).
In the era of constant digitization, society is undergoing various influences that are straining the security of society and the economy. These include the COVID-19 pandemic, the Ukraine war, the increasing impacts of climate change, and an exponential growth of cyber attacks, such as phishing, malware and ransomware. These developments have led to a changing landscape in which European member states recognize the need to strengthen their digital and economic resilience.
In 2016, the European Union introduced the Directive on Security of Network and Information Systems (NIS Directive). This first legislation aimed to increase cybersecurity and focused on essential service providers, including water, energy and telecom companies, the transportation sector, healthcare and finance. In response to the ongoing digital evolution and broader impact on various sectors, the NIS2 Directive was later launched as an extension of this initial legislation.
The NIS2 Directive includes several key elements:
It is crucial to determine whether your company is considered an essential or important service provider. Essential services are vital to the functioning of society, while important services have a significant impact on users or other businesses. If your company falls into either category, there are specific obligations that must be met.
Non-compliance can result in significant fines, up to 10% of annual turnover, with a maximum of EUR 20 million.
Although no final end date has been set yet, the end of 2024 is currently being discussed as a possible deadline for organizations to comply with the requirements of the NIS2 Directive. It is very important to keep abreast of any specific deadlines set by the government.
Scan your website now for free with no obligation and protect your customers’ privacy data.
Veenweg 158 – B
3641 SM MIJDRECHT
The Netherlands
+31 (0)297 – 381 303
info@trustguard.eu
Business to You
Exclusive partner Trust Guard EMEA