The SVA Process
SVA Consulting discovered their published software had been highly customized in ways that captured and retained too much information, exposing the business as well as their customers to unnecessary risk. Informal IT processes and practices made them dependent on individual employees which put them at risk and ill prepared for a security incident.
SVA Consulting identified the places Payment Card Industry (PCI) data was used but not adequately secured. They were able to create a framework for removing PCI data from the environment where possible, and developed the security structure for any data that could not be removed. In addition, SVA delivered the foundation and framework for both electronic and paper credit card data including a system upgrade to their CRM (Customer Relationship Management) system. SVA also wrote the policies, procedures and training materials to address PCI compliance requirements.