With our in-depth knowledge of the security industry, we can implement technical remediation controls based on best-of-breed industry products.
PCI DSS is a multi-faceted standard, and 2e2’s extensive experience means we can assist with developing the required policies, procedures and processes that complement the technical controls of the standard.
PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements to help organisations proactively protect customer account data. The principles and accompanying requirements are designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.
PCI DSS applies to ALL organisations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. Service providers who store, process, or transmit cardholder data on behalf of another entity are also subject to the PCI DSS requirements.
2e2 can assist at any stage of PCI DSS compliance.
2e2 employ PCI Qualified Security Assessors (QSAs) and experienced information assurance consultants who can provide: scope assessments, gap analysis, remediation planning, remediation implementation, SAQ assessments, ASV scanning, and policy and procedure development.
Whether you are at the initial stages of the journey towards PCI DSS compliance or you are already compliant, 2e2 can provide consultancy services to assist you on the next steps in your programme. From the initial scope assessment we can provide guidance on reducing the scope to which PCI DSS requirements apply.
We can produce a gap analysis against the requirements with recommended remediation activities providing you with an accurate action plan.
Within the Public Sector the constant need to improve service levels to citizens requires the sharing of information across departments and organisations. To ensure that this is achieved consistently and securely both central and local Government have a number of initiatives in place.
Through 2e2’s extensive public sector experience we can help you to connect to Central Government and improve information sharing between local authorities and the NHS, securely and effectively.
GCSX should be regarded by both central and local Government as the de facto option for data transfer because it provides an unequalled level of security and is good value. Significant potential exists for increasing the data transmitted between local and central Government over GCSX.
GCSX is a secure, accredited, fully managed service. The service is hosted from geographically separate data centres, providing data security and network resilience at all times. The diagram below illustrates how GCSX interacts with the GSi and the Internet to deliver a secure communication network to local authorities.
Local authorities must be able to securely and conveniently access both National NHS applications hosted on the NHS Spine as well as locally hosted NHS Trust applications, using their existing GCSX connections.
2e2 recognises that local authorities and NHS Trusts have a strong requirement to share information, including Patient Identifiable Data, that needs to be accessed and transmitted securely. Whilst local authorities can now securely share patient data with NHSmail users via emails over GCSX, they can only gain record-level access to both national and local NHS applications and databases via a direct connection to the N3 network or a discrete point-to-point connection to a local NHS Trust.
WEEE & RoHS Directives
2e2 provides a complete asset retirement/disposal service in compliance with all European and UK legislation, together with an unrivalled ability to realise significant residual value from underutilised or retired equipment. Customers can ensure secure and safe disposal of equipment, complying with all data protection and environmental requirements.
Once the identified equipment has been retired, our PAR process ensures the organisation’s assets are disposed of in accordance with all relevant regulations including the WEEE Directive (Waste Electrical and Electronic Equipment), the RoHS Directive (Restriction of Hazardous Substances) and security-oriented legislation such as the Data Protection Act 1998. Proof of compliance with these regulations is provided with supporting documentation. Hard drives are wiped of data and any identifying marks on equipment are removed.
Research commissioned by 2e2 has revealed that vendor rhetoric has left over half (57%) of UK businesses struggling to establish if cloud services are suitable for them and if so, how best to implement them.
IT is fundamentally and inextricably linked to the day-to-day operations of almost all organisations, rendering them unable to transact business in the absence of adequate IT services. Find out more about 2e2's ITSM practice.
2e2 has been awarded a framework agreement for IT Managed Services by Buying Solutions, the national procurement partner for UK public services.