A. Layered Tech compliance management services are based on satisfying the PCI DSS requirements and can be applied to any environment that needs to meet those requirements.
A. Layered Tech provides contracted security and compliance management services that facilitate PCI compliance. Scan vendors and SAQ generators do not represent a complete package.
A. Layered Tech is a PCI compliance service provider that allows a merchant to offload the duties that a QSA would require be accomplished. A QSA only assesses the compliance of your systems. Layered Tech facilitates the compliance of your systems. Scan vendors provide a single service to cover a single PCI DSS requirement. Layered Tech provides PCI compliance services that fulfill all IT security controls required by the PCI DSS requirements.
A. Engaging a managed service provider for secure hosting has many benefits, including:
Chat online with an account manager, or call 888-952-4888 now.
A. Your merchant level depends on the card brands you accept. Most designations use Visa's guide, which can be found at http://usa.visa.com/merchants/risk_management/cisp_merchants.html
A. Absolutely. Engaging with Layered Tech makes the security validation process much simpler and more reliable than it would be on your own. Layered Tech has helped many companies, large and small, meet PCI compliance by facilitating the majority of the technical requirements. While Layered Tech takes over significant portions of the related security work (see Q13), the fundamental responsibilities (e.g., internal security policies, etc.) of a card data owner remain with you.
A. Layered Tech offers a comprehensive suite of managed compliant services called Layer 4: Compliance Management. We constantly monitor and oversee your systems – everything from creating logs and responding to alerts to patching or updating activities. You will not need to add staff or training when you engage with us.
A. The Layer 4: Compliance Management page contains a detailed feature summary of included system, network and database managed services.
A. Complex enterprise data protection is our niche, and we have a strong record of maintaining security compliance. Layered Tech undergoes many PCI assessments and external audits a year, including an on-site assessment for the Level 1 Report on Compliance (ROC), as well as successful completion of SSAE 16 Type II audits. We know what it takes to achieve and maintain compliance, and how to ensure the ultimate security of our clients' critical data.
Learn more about our unique combination of PCI compliance experience and PCI compliant hosting support.
A. Touting your relationship with Layered Tech can actually enhance your sales process. Our reputation as a premier global provider of managed compliant services is unparalleled. And our ability to field complex questions from clients' IT management and external auditors consistently proves valuable in helping demonstrate clients' commitment to providing the utmost confidentiality, integrity and availability of sensitive data.
A. Layered Tech's compliance as a service can be implemented as physical dedicated servers, as an enterprise secure cloud solution, or a combination of both, even in remote data centers with international locations. The type of implementation is dependent on your application scope and system requirements. If you need data center space, we can provide it, but we can also work with you to plan a compliant services implementation in remote locations. Co-located systems at Layered Tech allow you to leverage your existing capital expenditures while benefiting from a physical security implementation designed to meet and exceed the PCI DSS requirements.
A. Deployment timeframes can fluctuate based on the size and complexity of the system being implemented. System deployment, which includes Layered Tech's compliant managed services (Layer 4: Compliance Management), typically takes 7-15 business days.
A. Layered Tech can fulfill - and guarantee - all of the IT controls stipulated by the PCI DSS. This equates to roughly 80 percent of the total PCI DSS mandates, with the policy and custom application requirements being your responsibility. (see Q15 also)
A. Of course. Layered Tech provides a comprehensive suite of compliance management services, independent of the hardware or software in the underlying environment. We also support a variety of platforms and software components.
A. A common method of describing where our services stop is to think in terms of system and custom application. Layered Tech's PCI compliance services manage the device from the operating system down, including all changes, patches, logs, security events, access control, etc. As the client, you are responsible for your custom application features, security methods and direct support. However, you may utilize Layered Tech features to assist with custom application management. A good example is change management. You may want to prevent your developers from accessing or deploying to production systems. With Layered Tech's change management, a Layered Tech client support team member performs the deployment steps for new code.
A. Layered Tech's robust, successful change management system is available to all our clients and can be accomplished easily through our normal technical support channels. Your staff can fully engage Layered Tech to manage all change on your systems, and when assessment time comes, you are assured that all the change management requirements have been met.
A. All compliance management clients at Layered Tech have built-in security event handling. A robust combination of change control, real-time event alerting (IDS, A/V, FIM), and 24/7 staffing allows Layered Tech to be the first- and second-tier response units on client systems. Additionally, Layered Tech staff can perform full remediation as required. This model frees clients from the day-to-day staffing and expense related to managing significant amounts of security tool output.
A. Layered Tech truly operates as an extension of your IT staff. Critical security events are engaged by Layered Tech's Computer Security Incident Response Team (CSIRT) and include plans for client involvement. After an event first goes through our support and security staff, we escalate to you if and when there is an impact to your system, application or clients. Additionally, when you are contacted by us, we will have a remediation plan for you to consider and approve.
A. Layered Tech captures all system logs and routes them to a central logging system where analysis is performed to meet security event collection requirements.
A. Layered Tech is unique in that we believe tools alone do not make a solution. It requires a powerful combination of people, processes and technology to provide a secure data protection solution. All of Layered Tech's services are backed by a dedicated, expert support team, who perform monthly audits against all our security tools and services to ensure consistent implementation and performance.
A. System and administrative level access to card data systems is vigorously restricted, logged and authenticated. Application-level access to card data is controlled principally by the security of the custom software you have deployed. Layered Tech will work with you to ensure strong controls on encryption are in place.