Key Player

Chief Executive Officer of a not-for-profit organization.

Business Issue

SVA consulted with the CEO of a large not-for-profit organization. The organization was out of compliance for credit card risk. Their liability insurance coverage was insufficient and payment card processors were elevating their risk to severe, thus charging them more to process transactions.


The SVA Process

SVA Consulting discovered their published software had been highly customized in ways that captured and retained too much information, exposing the business as well as their customers to unnecessary risk. Informal IT processes and practices made them dependent on individual employees which put them at risk and ill prepared for a security incident.

SVA Consulting identified the places Payment Card Industry (PCI) data was used but not adequately secured. They were able to create a framework for removing PCI data from the environment where possible, and developed the security structure for any data that could not be removed. In addition, SVA delivered the foundation and framework for both electronic and paper credit card data including a system upgrade to their CRM (Customer Relationship Management) system. SVA also wrote the policies, procedures and training materials to address PCI compliance requirements.

Business Outcome

Most importantly, this organization now has the tools needed to reduce their liability around PCI data. Also the CEO could accurately report to the board of directors the relief of the additional insurance expense and the new compliance measures were now in place.


Want more information?

See our case studies and how we’ve helped others just like you


Virtual Chief Information and Security Officer For a Healthcare Company


Payment Card Industry Risk Assessment For a Not-For-Profit Organization


Virtual Chief Information and Security Officer For a Specialty Product Manufacturer


Cyber Incident Management For a Healthcare Company