EMC Corporation (NYSE: EMC) today announced expanded consulting services to help organizations meet new guidelines outlined within the Payment Card Industry Data Security Standard (PCI DSS) 2.0, effective January 1, 2011. The new services help organizations reduce compliance costs with the Standard and offer customers a holistic and forward-looking approach to risk management.
Importance of PCI DSS and New Revisions
- The PCI DSS is a framework of best practice requirements for all organizations that collect, process or store payment card account and transaction information and is designed to protect payment card data throughout the information lifecycle.
- Because hefty fines are levied for non-compliance, significant percentages of enterprise budgets are devoted to compliance-related data security programs like PCI DSS, according to a recent study conducted by Forrester Consulting on behalf of RSA and Microsoft.*
- Key revisions to Version Two reinforce the need for organizations to participate in a thorough scoping exercise prior to assessment in order to understand where cardholder data resides. This allows organizations to adopt a risk-based approach, based on their specific business circumstances, when assessing and prioritizing vulnerabilities.
New PCI DSS Readiness and Response Services from EMC Consulting
- EMC’s new PCI DSS Readiness and Response services from EMC Consulting address the PCI DSS 2.0 revisions and help translate business objectives into policies and information risk strategies.
- Leveraging the security and compliance expertise of RSA, the security division of EMC, these services are delivered through technology, policy and program development. They also include a recommended separation of function between the PCI assessment itself and readiness and remediation planning.
New Services Include:
- PCI Program Strategy and Implementation – Organizations leveraging this service not only remediate their PCI compliance issues, but also develop a security and compliance program that is aligned with business objectives. New services offered include program development and management, design of strategic frameworks for the PCI program, assessment and development of processes and best practices, and PCI training for security teams, data owners, key stakeholders, and the internal audit team.
- PCI Readiness Assessments – This service evaluates an organization’s current PCI DSS posture and helps develop a remediation strategy roadmap prior to undergoing a formal PCI assessment. Experts from EMC Consulting use a combination of interviews, system reviews, site visits and document reviews to discover gaps and issues with organizations’ PCI DSS compliance.
- Breach Management and Post-Event Readiness Assessment – Even organizations that pass a PCI Assessment can be impacted by a breach of cardholder information. Should a breach occur, the actions taken following the breach can determine the level of financial impact on an organization. These new services offer post-breach forensics, evaluation, and guidelines to help ensure future compliance of the organization.
A full list of EMC Consulting’s Risk Management and Compliance offerings can be found online.