Educause Security Discussion mailing list archives
Re: Consultant recommendations for PCI DSS compliance work?
From: Michael Sana <msana () HPU EDU>
Date: Wed, 20 Jan 2010 09:02:28 -1000
The people over at Digital Resources Group listed below (DRGSF.com) have been an excellent resource for PCI consulting. They have offices throughout the US and in Latin America. Jim Cowing would be the best person to contact over there if you are interested. He can be reached at 650-638-3350. mike.sana. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Patrick Laughran Sent: Wednesday, January 20, 2010 7:33 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Consultant recommendations for PCI DSS compliance work? Hi Greg, all public state and community colleges here in Massachusetts were obligated to use one of the following (see below). I have cut and paste the information from the memo with the contact information. We used Lighthouse here at Framingham State. We can talk offline about our experience if you like. The PCI Standards Council also has a great website. Here is a link to the list of "Qualified Security Assessors" and "Approved Scanning Vendors"... https://www.pcisecuritystandards.org/qsa_asv/find_one.shtml The Commonwealth of Massachusetts Comptroller's Office conducted a Multiple Department Procurement/Multiple Department User Request for Response (RFR) with ITD and other departments that accept credit card payments to select PCI Compliance contractors certified by the national PCI Council as Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs). Both Contractors are qualified to provide the consulting, validation, and network scanning services for Commonwealth entities. DIGITAL RESOURCES GROUP, LLC (DRG) LIGHTHOUSE COMPUTER SERVICES, INC. (LCS) VC0000390523 PO Box 55071, Boston, MA 02205 Contact: David Fosdick Telephone: 978-496-1503 Email Address: pci () drgsf com<mailto:pci () drgsf com> Fax: 775-855-5042 Web: www.drgsf.com<http://www.drgsf.com/> VC0000389868 6 Blackstone Valley Place, Suite 205 Lincoln RI 02865 Contact: Timothy Bernard Telephone: (508) 254-2804 Email Address: tbernard () lighthousecs com<mailto:tbernard () lighthousecs com> Fax: (401) 334-0719 Web: www.lighthouseCS.com<http://www.lighthousecs.com/> Authorized Signatories: James Cowing (Managing Director) David Fosdick (Vice President) Authorized Signatories: Anthony N. Fiore, Jr. (CFO) Ernie Yenke (Chief Operating Officer) Thomas Mrva (President) Prompt Payment Discount: 1% if paid within 15 days Prompt Payment Discount: 1% paid in 10 days From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Francis Sent: Wednesday, January 20, 2010 12:22 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Consultant recommendations for PCI DSS compliance work? Hello, In evaluating PCI DSS compliance, I've found that there are a number of different possible solutions as well as conflicting answers on what can be compliant. While I'm confident that our internal IT staff could build up sufficient expertise to ultimately address the compliance requirements, I think we need to look to outside guidance from those that have expertise with PCI DSS compliance. Can anyone recommend a vendor that they have worked with to assist them on PCI DSS compliance? I'm not looking for a general security consultant; I need the PCI expertise specific to the IT side but with a very strong knowledge of the entire set of requirements for PCI DSS compliance. Thanks, Greg Greg Francis Director, Central Computing and Network Support Services Gonzaga University francis () gonzaga edu<mailto:francis () gonzaga edu>
Current thread:
- Consultant recommendations for PCI DSS compliance work? Greg Francis (Jan 20)
- <Possible follow-ups>
- Re: Consultant recommendations for PCI DSS compliance work? Patrick Laughran (Jan 20)
- Re: Consultant recommendations for PCI DSS compliance work? Brad Judy (Jan 20)
- Re: Consultant recommendations for PCI DSS compliance work? Don M. Blumenthal (Jan 20)
- Re: Consultant recommendations for PCI DSS compliance work? HALL, NATHANIEL D. (Jan 20)
- Re: Consultant recommendations for PCI DSS compliance work? Hudson, Edward (Jan 20)
- Re: Consultant recommendations for PCI DSS compliance work? Michael Sana (Jan 20)
- Re: Consultant recommendations for PCI DSS compliance work? Blake Penn (Jan 25)