Compliance as a Service CaaS GRC PCI DSS Managed Compliance CaaS Security Regulations Software, Services, Certification, SOX GLBA HIPAA FISMA ISO 27002 Governance, Risk Management, ControlCase

Compliance as a Service CaaS

More information

ControlCase has been intimately involved in helping organizations like yours navigate the PCI DSS landscape for several years now. The variety of products out there and the confusion around them makes it very hard to compare competitive offerings.

Various companies have taken various approaches and incorporated various technologies - hardware, software, onsite and managed offsite services to get them PCI Compliant.

We have simplified this whole process and come up with a solution that is akin to "PCI in a Box"; we call it the Compliance as a Service (CAAS).

The Bundle includes everything (except 4 offerings which a majority of the companies already have - firewalls, antivirus, patching process and technology specific encryption) that you will need to get PCI compliant and STAY compliant.

The CAAS offering includes a mix of hardware, software, onsite and offsite services that cost-effectively deliver one of the best values that you will see in the marketplace.

We recommend you seriously look at CAAS and evaluate your current cost of ownership and maintenance for ALL components related to PCI compliance (including hardware, software license and maintenance, personnel costs) with respect to the pricing and convenience offered by CAAS.

However, if you are currently not ready to avail of the benefits and cost savings offered by the Compliance as a Service (CAAS) offering, you can still avail of the individual components.

What is part of Compliance as a Service (Caas)

Component	Category	PCI Requirement met
PCI Gap analysis	Certification	Overall PCI DSS Certification
PCI Remediation support	Certification	Overall PCI DSS Certification
PCI Certification and report on compliance (ROC)	Certification	Overall PCI DSS Certification
Data discovery scanner for cardholder data	Software	Overall PCI DSS Certification
Centralized compliance management portal and reminders	Software	1
Firewall rule-set analysis	Managed Service	1
Configuration scanner	Software	2
Configuration scanning of IT assets	Managed Service	2
Data discovery scanner for cardholder data	Software	3
Searching of cardholder data within environment	Managed Service	3
Application security scanner	Software	6
Application security scanning	Managed Service	6
Logging platform	Software	10
File integrity monitoring platform	Software	10
24/7/365 monitoring with Alerts and Daily PCI log reviews	Managed Service	10
Secure storage and archival of logs	Software	10
Internal vulnerability scanner	Software	11
External vulnerability scanner	Software	11
Internal vulnerability scanning	Managed Service	11
External vulnerability scanning (ASV approved scan)	Managed Service	11
Internal penetration testing	Managed Service	11
External penetration testing	Managed Service	11
Policy manager	Software	12
Customization and updating of policies to meet PCI requirements	Managed Service	12
Annual PCI training portal	Software	12
Distribution and Attestation of Annual Security Awareness Training	Managed Service	12
Annual Risk Assessment	Managed Service	12