Assessment Services

The design of many programs, products, and services means providing the best experience for the end-user. From time to time, there is a need for a dedicated look at performance to verify that the result matches expectations. Servadus Assessment services focus on cybersecurity compliance and security programs for various frameworks. All assessments can be formal events or spot-check validations. Assessment programs focus on Payment Card Industry (PCI) Data Security Standards (DSS), SWIFT, EI3PA, NIST, and Ransomware Readiness, with a near-term focus on NCUA’s ACET (Automated Cybersecurity Evaluation Toolbox) and Cybersecurity Maturity Model Certification (CMMC) Version 2.

All validations and assessments include world-class project and workflow management, delivered through online systems for near real-time reporting. The project management gives leadership and other stakeholders insight into the plan, while supporting the technical point of contact with insight into evidence or artifact requests and transparency on the status of each security control that is part of the assessment.

Payment Brand and Bank support for clients

Payment Card Industry Data Security Standards (PCI DSS)

Level 1 PCI DSS Assessments

For large organizations that process, transmit, or store cardholder data from credit or debit cards, or otherwise need to demonstrate compliance with the PCI DSS as a Level 1 merchant or service provider, this service supports the validation of the more than four hundred controls and the receipt of a Report and Attestation of Compliance.

Level 2 and 3 PCI DSS Assessments

For small and medium organizations that process, transmit, or store cardholder data from credit or debit cards, or otherwise need to demonstrate compliance with the PCI DSS as a Level 2 or 3 merchant or service provider, this service supports the validation using one of the eight Self-Assessment Questionnaires and Attestation of Compliance.

PCI DSS Version 4 Gap Assessment

Already demonstrating compliance with PCI DSS v3.2.1 and want to get started with the new version 4? This assessment is the service for your organization. It reviews the 64 new controls, reports the status of compliance, and provides recommendations for achieving compliance before March 2024.

PCI Gap validations

Whether you are starting a new role, completing changes to the infrastructure, or want a mid-year review, our team will conduct full or partial gap validations to meet your company's needs. Contact our specialist to arrange this custom solution.

Payment Brand and Bank support for clients

Organizations offering merchant services must manage the PCI DSS compliance of all merchants. This service coordinates the assessment and compliance of all Level 2, 3, and 4 merchants with online access and support.

Society for Worldwide Interbank Financial Telecommunication (SWIFT) Customer Security Programme (CSP)

 

SWIFT is a global messaging network that banks and other financial institutions use to quickly, accurately, and securely send and receive information, such as money transfer instructions. To ensure the security of the messages, SWIFT established the Customer Security Controls Framework (CSCF).

All SWIFT users have to attest to their compliance with a set of mandatory controls as described in the Customer Security Controls Framework (CSCF).

The Servadus team provides the external independence and experience to validate mandatory and advisory controls to support the CSP.

 

Assessments for all needs

NIST Cybersecurity Framework (CSF)

NIST SP800-53

Cybersecurity Maturity Model Certification (CMMC) v2.0

Experian’s Independent 3rd Party Assessment (EI3PA)

Ransomware Readiness Assessment

Higher Education Community Vendor Assessment Toolkit (HECVAT)

Higher Education Information Security Council (HEISC)