SISA’s consultative approach helped a GCC banking major ease its PCI compliance journey and improve its security posture

A leading bank in the GCC region was keen to achieve PCI-DSS compliance but faced challenges on multiple fronts. A lack of well-defined processes, a high level of end-of-life (EOL) systems and a complex infrastructure landscape born out of a merger expanded the scope of assessment.

SISA first conducted an in-house workshop for senior executives to help bridge their awareness gap, following which it proposed a three-phased approach to implementation consisting of Scoping and Assessment, Remediation, and Certification. The assessment revealed that cardholder data was stored in multiple databases in plain text. SISA recommended 200+ action points for remediation, mapped them to the respective departments and created a milestone-based plan for addressing them.

By investing in relevant security tools and remediating all the action points recommended by SISA, the bank succeeded in achieving PCI-DSS certification in six months’ time. The certification also helped the bank achieve a better security posture and comply with regulatory mandates.

 
