Mobile Telco Provider Case Study
- 16 February 2012
Client: One of the "big 4" mobile telcos
Title: PCI DSS Compliance and QSA sign-off
Product / Service: PCI DSS Consultancy
Background: Our client was launching a revolutionary e-commerce service for its customers. The service was being provided from a platform that was being commissioned and built from the ground up. Although the platform was being hosted on our client site, there were six key third parties who would be exposed to cardholder data as part of this service delivery.
The Objective: The client needed a PCI DSS Qualified Security Assessor (QSA) to ensure compliance through all stages of the design, commissioning and implementation of the platform. Most importantly, the client wanted assurance that all third parties were in full compliance in the way they interacted with the platform.
The Solution: The initial activity was to conduct a scoping exercise to understand the makeup of the service offering. We reviewed the cardholder data process flows and their start and end points, as well as the third-party interactions and the architectural and operational design diagrams. We then conducted a workshop meeting with key stakeholders to identify exactly what we needed to assess (both internally and at third parties) in order to understand fully where and how all elements of the platform were compliant with PCI DSS. We also identified the responsibilities of the different parties involved to ensure overall accountability and ownership.
The next phase was to visit all areas within the scope of PCI DSS to review compliance. Where areas of non-compliance were found, we identified remediation activities. As we conducted these reviews, we documented evidence of compliance through observations, documentation review and interviews. The output of the project was a formal Report on Compliance and Attestation of Compliance, signed off by the Red Island QSA Consultant.