Case Studies

Compliance

dst_output

DST Output

DST stores and transmits primary account numbers as a mechanism to service our clientele. In order to reinforce customer confidence in DST’s payment security dossier and augment competitiveness in the credit card services arena, DST recognized and embraced Payment Card Industry (PCI) Security Standards Council certification requirements in 2011.

DST stores and transmits primary account numbers as a mechanism to service our clientele. In order to reinforce customer confidence in DST’s payment security dossier and augment competitiveness in the credit card services arena, DST recognized and embraced Payment Card Industry (PCI) Security Standards Council certification requirements in 2011.

PCI standards reduce cardholder exposure and incidents of credit card fraud. These standards mandate twelve rigorous criteria under six control objectives regarding card data storage, processing and transmission of customer information, with the stated goal of ensuring cardholder privacy and security. Validation is conducted annually by an external Qualified Security Assessor (QSA) consultant.

Seeking to solidify its PCI compliance profile, DST sought a superior IT partner to provide knowledge, guidance and implementation services. DST was referred to NCI by a major international consulting and auditing firm who is also a member of the Big Four professional services firms.

NCI is a PCI assessment and certification expert with over five years of PCI-specific experience assisting hundreds of Canadian businesses secure their PCI certifications and buttress their online payment security profiles. NCI consultants are certified by PCI Security Standards Council as Authorized Scanning Vendors (PCI ASV), Qualified Security Assessors (PCI QSA) and Payment Application Qualified Security Assessors (PCI PA QSA).

Read Synopsis Download PDF

york_university

York University

York University has two campuses located in Toronto. It hosts over 70 campus merchants of varying sizes that process credit card payments in a variety of manners.

York University has two campuses located in Toronto. It hosts over 70 campus merchants of varying sizes that process credit card payments in a variety of manners.

In 2009, Laurie Lawson (University Treasurer) and Chris Russel (Director of I.C.T. Infrastructure and Information Security Officer) identified Payment Card Industry Data Security Standard (PCI DSS) compliance as a high-priority start-up project that would have an impact on all aspects of York University’s merchant handling of credit cards. They began to investigate what the Standard entailed and its potential associated impact on the university and its merchants. They were rapidly convinced that professional expertise, specific skills and an external ally, well-versed in PCI DSS, were required to concentrate and guide the efforts at the university.

The new compliance requirement was raised with York’s senior management, who subsequently approved an initiative lead by Laurie and Chris to source a qualified partner that would provide the necessary skills and advice. Adhering to the York University procurement policy and procedures, an RFP was prepared and issued in April 2010.

In considering the numerous proposal submissions, York sought a knowledgeable partner who understood York’s PCI requirements as they pertained to its particular IT, business and academic environments. It was also looking for a vendor who would provide a Qualified Security Assessor (QSA) that could mesh with their team, provide expert guidance throughout the project and, subsequently, validate the completed work.

York was initially drawn to NCI due to the company’s information security specialization, unique background and talent pool. While many e-commerce security companies claim an ability to perform “PCI QSA-type of work”, NCI’s network security background offered true depth of technical expertise and experience with similar projects. NCI has over five years of PCI compliance consulting experience in Canada. As well, the company is certified by the PCI Security Standards Council as an Authorized Scanning Vendor (PCI ASV), Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PCI PA-QSA).

Read Synopsis Download PDF

audienceview

AudienceView

Seeking an industry-leading partner to help evaluate and improve their existing security stance, AudienceView approached the PCI DSS team at NCI to assist them in maintaining their PCI compliance and ramping up their company’s cardholder security features. NCI has honed more than five years of expertise specifically related to PCI DSS assessment and compliance.

Seeking an industry-leading partner to help evaluate and improve their existing security stance, AudienceView approached the PCI DSS team at NCI to assist them in maintaining their PCI compliance and ramping up their company’s cardholder security features. NCI has honed more than five years of expertise specifically related to PCI DSS assessment and compliance.

The company has been certified by the PCI Security Standards Council as an Authorized Scanning Vendor (PCI ASV), Qualified Security Assessor (PCI QSA) and Payment Application Qualified Security Assessor (PCI PA-QSA). NCI has assisted in securing hundreds of merchants and service providers across Canada, and has garnered a reputation for client-centered service and superior results.

Read Synopsis Download PDF

sigma

Sigma Software Solutions

In the highly competitive world of software development, Sigma Software Solutions has set itself apart as a leading provider of high-performance customer, order and revenue management software primarily for the telecommunications industry and other high-transaction, customer-facing businesses throughout North America, Europe and Africa.

In the highly competitive world of software development, Sigma Software Solutions has set itself apart as a leading provider of high-performance customer, order and revenue management software primarily for the telecommunications industry and other high-transaction, customer-facing businesses throughout North America, Europe and Africa.

Seeking the right IT Security consulting partner that could work seamlessly with their team, Sigma was impressed by NCI’s demonstrated expertise in network and IT security assessments, and the depth of knowledge that their QSA-certified consultants brought to the table.

With an industry-leading combination of CISSP (Information Systems Security Professional) and CISA (Certified Information Systems Auditor) certified security consultants, and QSA (Qualified Security Assessors), PA-QSA (Payment Application), and ASV (Approved Scanning Vendor) PCI Council Certifications, NCI was the ideal choice for Sigma.

Read Synopsis Download PDF

Cyber-Security

csc_franconord

CSC Franco-Nord

CSC Franco-Nord contracted the services of NCI to assist the school in deploying Aruba’s network architecture. Specifically, NCI provided infrastructure security assistance for wireless, switches and next generation firewall and gateway solutions.

CSC Franco-Nord contracted the services of NCI to assist the school in deploying Aruba’s network architecture. Specifically, NCI provided infrastructure security assistance for wireless, switches and next generation firewall and gateway solutions.

NCI first conducted an evaluation of CSC Franco-Nord’s specific needs, identified end-user experience requirements and management logistics. They set out a plan of action to design and implement a wireless LAN network using Aruba technologies and incorporating security features tailored to CSC Franco-Nord’s needs. NCI provided guidance on security and management, with a particular focus on PKI aspects such as certificate authority, RADIUS, controller high-availability and role-based access control.

Read Synopsis Download PDF

Governance

intel

Intel

NCI, with the 2012 acquisition of YourPrivacy, has expanded its leadership in secure and privacy-friendly online collaboration solutions. YourPrivacy has been a provider of governance, compliance, risk, privacy and security services to Canadian businesses for over a decade. One key ingredient to YourPrivacy’s superior productivity was its secure cloud collaboration experience. The secret: judicious selection of collaboration hardware, software and service providers.

NCI, with the 2012 acquisition of YourPrivacy, has expanded its leadership in secure and privacy-friendly online collaboration solutions.

YourPrivacy has been a provider of governance, compliance, risk, privacy and security services to Canadian businesses for over a decade. One key ingredient to YourPrivacy’s superior productivity was its secure cloud collaboration experience. The secret: judicious selection of collaboration hardware, software and service providers.

Strategic solutions providers, such as Intel and Mindjet, have choosen YourPrivacy as a leading example of the use of online collaboration with clients and internal product development projects to gain a competitive edge.

Read Synopsis Download PDF

mindjet

Mindjet

NCI, with the 2012 acquisition of YourPrivacy, has expanded its leadership in secure and privacy-friendly online collaboration solutions. YourPrivacy has been a provider of governance, compliance, risk, privacy and security services to Canadian businesses for over a decade. One key ingredient to YourPrivacy’s superior productivity was its secure cloud collaboration experience. The secret: judicious selection of collaboration hardware, software and service providers.

NCI, with the 2012 acquisition of YourPrivacy, has expanded its leadership in secure and privacy-friendly online collaboration solutions.

YourPrivacy has been a provider of governance, compliance, risk, privacy and security services to Canadian businesses for over a decade. One key ingredient to YourPrivacy’s superior productivity was its secure cloud collaboration experience. The secret: judicious selection of collaboration hardware, software and service providers.

Strategic solutions providers, such as Intel and Mindjet, have choosen YourPrivacy as a leading example of the use of online collaboration with clients and internal product development projects to gain a competitive edge.

Read Synopsis Download PDF