Compliance and Program Development
The GEOBRIDGE Professional Services team holds decades of hands-on experience in network security, architecture and implementation. The team has assisted numerous organizations with the establishment of policy and procedure, program creation and documentation. It draws on many seasoned certified assessors with years of experience with merchants, processors, acquirers, service providers and issuers to assure compliance and enable cryptographic and key management solutions.
GEOBRIDGE provides program development, design and documentation for policy and procedure requirements that satisfy mandates for PCI PIN Security and Key Management Programs, Network Operations, Incident Response Plans, and Corporate Security Policies to align with industry compliance requirements and best practices.
GEOBRIDGE has worked with multiple organizations to develop and implement Key Management programs specifically addressing these critical elements:
- Secure Room Policies
- Oversight & Monitoring Requirements
- Uniform Document Procedures
- Governance Parameters
- Personnel Guidelines
- Equipment Inventory Procedures
- Cryptographic Keying Material Procedures
- Key Exchange Procedures
- Access to Cryptographic Keying Materials Logs
- Performance Management Goals
- Customized Program Documentation
- Final Program Participant Training
Compliance at the Highest Level
GEOBRIDGE participates in and monitors both national and international standards. The KeyBRIDGE platform was designed with compliance and security standards as the most important consideration in our development. Our customers can always look to us for guidance and be assured that KeyBRIDGE complies with the following industry standards:
- ANS X9.24-1-2017: Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques.
- ANS/X9.TR.39-2009: TG-3 Retail Financial Services Compliance Guideline Part 1: PIN Security and Key Management.
- ANS X9 TR-31 2010: Interoperable Secure Key Exchange Key Block Specification for Symmetric Algorithms.
- ANS X9.97-2009: Financial services – Secure Cryptographic Devices (Retail) Part 1: Concepts, Requirements and Evaluation Methods.
- ANS X9.52-1998: Triple Data Encryption Algorithm Modes of Operation.
- Payment Card Industry (PCI) PIN Security Requirements.
- FIPS 140-2: Security Requirements for Cryptographic Modules, Security Level 3, Certificate #2434.
PCI DSS, PCI PIN, PCI P2PE, & TR-39 PIN Security Compliance
On-staff certified assessors for payment card industry requirements provide guidance and documentation creation assistance for gap analysis, remediation, and final assessment services related to PCI DSS, PCI PIN, PCI P2PE, and TR-39 PIN Security compliance. GEOBRIDGE provides program design and documentation for policy and procedure requirements that satisfy mandates for PIN Security and Key Management Programs, Network Operations, Incident Response Plans, and Corporate Security Policies to align with industry compliance requirements and best practices.
Because GEOBRIDGE maintains an active voting presence in, and provides technical editing service to, organizations like the Accredited Standards Committee X9, GEOBRIDGE resources remain knowledgeable, effective, and ahead of the curve in supporting our clients as they maintain compliance and program documentation.
Adept In The Documentation Of Policies And Procedures
Drawing on direct exposure from systems integration services and on strategic partnerships maintained with dozens of technology manufacturers throughout the industry, GEOBRIDGE has created and utilizes numerous templates and dictionaries that help to fast-track completion and alleviate the burden of uncommon naming conventions among disparate technologies.
GEOBRIDGE has seasoned certified assessors who are adept in the documentation of policies and procedures that must be maintained, allow for future updates, and be evaluated for audit purposes. GEOBRIDGE ensures that your documentation will seamlessly map to required mandates, allowing for quicker and more successful audit cycles.
By partnering with our clients and our associated network of leading manufacturers and standards organizations, we are able to continuously create new strategies that allow our clients to plan, build, and operate effective security and compliance programs.
Documentation deliverables include:
- Comprehensive User Manuals
- Key Management Policies and Procedures
- Development Release Notes
- Quick Start Guides
- PED Wiring Diagrams