PCI QSA Review
Published
Description
Cornwall Council request quotations for the following:

The QSA will be responsible for the following:

• PCI DSS Scope Definition: Review the already identified system components, people and processes that store, process, or transmit cardholder data (CHD) and define the complete PCI DSS scope for the Council.
• Readiness Assessment: Conduct a thorough assessment of the Council's current information security controls and practices against the requirements of PCI DSS v4.0. This assessment should include:
  • Review of relevant policies, procedures, documentation and programs to include the methods for monitoring and management of third-party service providers.
  • Review recently updated internal PCI awareness training materials.
  • Evaluation of network security controls, including segmentation and firewalls.
  • Review the data flow diagrams.
  • Assessment of system and application security, including vulnerability management and patching.
  • Analysis of data security controls, including encryption and access controls.
  • Review of logging, monitoring and testing practices including unauthorised Wi-Fi networks.
  • Assessment of incident response and business continuity plans.
  • Identify areas where it is appropriate to use sampling whilst ensuring it is representative of the overall scope and complexity of the CDE.
• Gap Analysis: Based on the readiness assessment, identify any gaps or deficiencies in the Council's current controls that prevent compliance with PCI DSS. The gap analysis should provide a clear and actionable roadmap for remediation, including:
  • Prioritization of identified gaps based on severity and risk.
  • Estimation of resources and costs required for remediation.
  • Recommendations for specific corrective actions and timelines.
• PCI DSS Report of Compliance (ROC) Assistance: Provide guidance and support to the Council's internal team in completing the applicable report for the assessment. This includes:
  • Explaining the requirements of each ROC section.
  • Assisting with data gathering and evidence collection.
  • Reviewing and validating completed ROC for accuracy and completeness.
• PCI DSS Audit Methodology: Develop a repeatable and sustainable approach for future annual PCI DSS audits by the Council's PCI Internal Security Assessors (ISAs). This includes:
  • Documenting the audit methodology, including roles and responsibilities, procedures, and timelines.
  • Providing training and knowledge transfer to the Council's ISAs on PCI DSS audit best practices.
  • Developing audit templates and tools to simplify future audits.

Deliverables

The QSA will provide the following deliverables:

• A detailed report of the readiness assessment findings, including identified gaps and recommendations for remediation.
• A prioritised gap analysis report with estimated costs and timelines for remediation efforts.
• Completed and validated PCI DSS ROC.
• Documented PCI DSS audit methodology and training materials for the Council's ISAs.

Information Classification: CONTROLLED
Timeline
Publish date
17 days ago
Award date
17 days ago
Buyer information
Cornwall Council
Source
Procontracts