AppliedTrust Achieves Payment Card Industry Qualified Security Assessor (QSA) Certification

Boulder IT security and infrastructure consultants add to deep credentials in security compliance, protecting customer financial data

BOULDER, Colo. – [January 12, 2010] – AppliedTrust has been certified as a Qualified Security Assessor (QSA) by the Payment Card Industry (PCI) Standards Council—the organization responsible for the development, management, education, and awareness of PCI Security Standards.

This designation authorizes AppliedTrust to conduct on-site compliance audits for companies that process, transmit or store credit card data and are therefore required to comply with the PCI Data Security Standard (DSS). As a QSA, AppliedTrust can also assess compensating controls for compliance when legitimate technical or documented business constraints prevent companies from meeting explicitly stated requirements.

“We’re excited to be able to offer on-site PCI DSS assessments to our clients who are involved with the payment card industry,” said Trent R. Hein, AppliedTrust’s chief executive officer. “In addition to performing PCI DSS assessments, AppliedTrust also has the expertise to conduct PCI pre-assessment preparation and mitigation as well as the ability to help clients navigate the subtleties of the PCI DSS. With the addition of this certification, our team of experts can provide our clients with the full range of services necessary to help them achieve and maintain PCI DSS compliance. The PCI DSS assessments are also a great complement to our other regulatory and standards compliance service offerings, such as HIPAA, SOX ITGC, FISMA, NERC CIP and ISO 27002.”

As one of the leading IT security and infrastructure firms in the nation, AppliedTrust team members already hold a number of key certifications including Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), Information Systems Security Management Professional (ISSMP), Information Systems Security Architecture Professional (ISSAP) from the International Information Systems Security Certification Consortium and Certified SCADA Security Architect (CSSA) from the Information Assurance Certification Review Board.

The PCI DSS framework includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. It is intended to help organizations proactively protect customer account data. Compliance requirements for merchants and service providers vary based on the number of credit card transactions or accounts that are managed per year, and beginning in 2009, Level 2 merchants are also required to complete an annual on-site assessment.

About AppliedTrust

AppliedTrust provides IT security and network/systems infrastructure consulting services. The company serves clients in a variety of industries, including healthcare, financial services, recreation and government. Based in Boulder, Colorado, AppliedTrust's proven process and industry-recognized experts deliver increased security, performance and availability, while reducing ecological impact. For more information, visit www.appliedtrust.com.

About the PCI Security Standards Council

The mission of the PCI Security Standards Council is to enhance payment account security by driving education and awareness of the PCI Data Security Standard and other standards that increase payment data security. The PCI Security Standards Council was formed by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of the PCI Data Security Standard (DSS), PIN Transaction Security Requirements (PTS) and the Payment Application Data Security Standard (PA-DSS). Merchants, banks, processors and other vendors are encouraged to join as participating organizations.

###