IT security concerns brought about by rapid growth led to implementing a strategic program focused on compliance.
A creator and distributor of promotional goods and branded merchandise, which began as a start-up between two college friends, eventually outgrew its humble beginnings. As they grew and acquired larger, more prominent businesses as clients, the ever-changing market and regulatory demands on information and data security became a fundamental business concern.
They were increasingly handling and storing sensitive client information within their systems, and so the need to become PCI compliant became critical. They approached Onepath to help them develop an information and data security strategy and implement the solutions to maintain ongoing compliance.
Initially, Onepath performed a comprehensive PCI-DSS Gap Assessment, which helped the company understand their security landscape and what they needed to do to become PCI compliant from a security, business, and process perspective. As their IT security was, at that point, more important than ever, they signed on with Onepath for an annualized program, which initially assisted in remediation and also supported an ongoing strategy for PCI compliance and for information and data security.
Over the course of our partnership with this company, Onepath:
- Performed a comprehensive PCI-DSS Gap Assessment
- Put in place a remediation strategy and performed remediation of open gaps
- Delivered a 24 X 7 X 365 Managed Security Solution that at a minimum included:
  - Network-level intrusion detection
  - Alert response monitoring
  - Ongoing vulnerability scanning and reporting as required for PCI compliance
  - Log aggregation and correlation
  - Log review and analysis
  - Log retention
- Performed annual penetration testing as required by PCI
- Continued the annual compliance program, while providing the company with a clear understanding of budget and monthly costs to remain PCI compliant
- Migrated the company into a more efficient cloud infrastructure, so sensitive information was no longer stored on the premises
The company continues to be one of the fastest-growing organizations in their industry, and they are able to sign on new customers more confidently, knowing that sensitive data and their IT infrastructure meet the necessary security standards.