
Our Services
PCI-DSS
GDPR Compliance Consulting
Penetration testing
Segmentation testing
Vulnerability Scanning
ISO assessment
NIST assessment
Security training

PCI DSS Version 4.0.1 assessments
The core of our offerings lies in PCI DSS Version 4.0.1 assessments, in which we conduct a thorough evaluation of your systems, processes, and controls. This meticulous examination ensures that your organisation adheres to the latest PCI DSS standards, promoting the secure handling of payment card data and mitigating the risk of data breaches.
PCI DSS Version 4.0.1 gap analyses
With Version 4 becoming compulsory after 31st March 2024, we offer Version 4 gap analyses, helping your organisation understand the differences between its current state of compliance and the updated standards. We will support you in implementing any necessary improvements and ensure your practices align with the stringent security measures mandated by PCI DSS Version 4.
Pre-Audit Assessment
Prior to formal audits, we offer pre-audit assessments, giving you a strategic advantage by identifying potential compliance gaps. This proactive approach allows you to address issues before the official audit, streamlining the compliance process and minimizing the risk of non-compliance.
Self-Assessment Questionnaires (SAQs)
If your organisation is eligible for Self-Assessment Questionnaires (SAQs), Locked Stack offers specialized services to guide you through the self-assessment process. We offer detailed assistance in completing SAQs, ensuring accurate and comprehensive responses, and facilitating compliance with PCI DSS requirements.
GDPR Compliance Consulting
Locked Stack is a trusted partner for compliance, helping businesses establish and refine their data governance frameworks through meticulous policy review and policy writing services for best practice in data governance. Our commitment extends beyond compliance, fostering a culture of responsible and effective data management.
At the heart of Locked Stack's offerings is our expertise in data governance, a strategic approach that ensures organisations effectively manage, protect, and leverage their data assets. Our team works with clients worldwide to establish robust data governance frameworks, aligning policies and procedures with industry best practices and relevant regulatory requirements.
Penetration testing
Our comprehensive technical security services include internal and external penetration testing, vulnerability scanning, and application penetration testing.
For PCI DSS compliance, both external and internal testing are required, including network segmentation testing if applicable. All penetration tests follow best practices from ISO/IEC 27001, NIST, OWASP, and CIS.
Application penetration testing involves meticulously examining software for vulnerabilities exploitable by attackers. This service helps organizations identify and rectify software flaws, safeguarding sensitive data and ensuring regulatory compliance.
External penetration testing services focus on probing external-facing systems, such as websites, servers, and applications, simulating real-world cyber threats. Our aim is to pre-emptively detect and rectify vulnerabilities that malicious actors could exploit, thereby fortifying our clients' defences against external cyber threats.
Internal penetration testing utilises sophisticated techniques to evaluate the resilience of our clients' internal networks, identifying potential vulnerabilities and weaknesses within their infrastructure. This includes scrutinising user privileges, network configurations, and data access controls to ensure robust internal security measures.
Our team holds ISO 27001 Lead Auditor, CISSP, CISM, CRISC, or OSCP certifications.

Segmentation testing
Segmentation testing ensures that network segments are effectively isolated and secure. By scrutinizing the integrity of network boundaries, Locked Stack helps its clients prevent unauthorized lateral movement between network segments as well as contain potential breaches. Our segmentation testing service was developed, and continuously evolves, with industry standards such as PCI DSS in mind.
Vulnerability Scanning
Recognising the critical role vulnerability assessment plays in fortifying our clients' digital defences, this service delivers cutting-edge solutions that identify and mitigate potential security risks across diverse IT environments. Both internal and external vulnerability scanning are required for PCI DSS Version 4, and external scanning must be completed by an Approved Scanning Vendor (ASV).
We offer continuous scanning and monitoring, providing our clients with real-time insights into evolving threats. This proactive approach has enabled our clients to address vulnerabilities promptly and reduce the window of opportunity for potential exploitation.
Our vulnerability scanning services include external scans that focus on identifying vulnerabilities exposed to the internet, safeguarding against external threats.
ISO assessment
Locked Stack is a global partner for ISO 27001 readiness, ensuring clients meet the international standards in place and establish robust information security processes.
Our core offering is ISO 27001 readiness, aligning security practices with the stringent requirements in place. We conduct meticulous assessments of current controls, policies, and procedures, identifying areas for improvement.
With a commitment to confidentiality, integrity, and availability, our professionals develop robust information security management systems, fostering continuous improvement and resilience against cyber threats.
Beyond compliance, we emphasise a solid information security foundation. Our services include risk assessments, security policy documentation, and best practices implementation to fortify against data breaches and unauthorized access.
NIST assessment
Locked Stack offers comprehensive cybersecurity assessments based on the NIST Framework, tailored specifically to our clients' needs. We specialise in aligning organisational cybersecurity with the NIST Cybersecurity Framework, ensuring robust risk management.
Our core service includes NIST Framework assessments, evaluating policies, processes, and controls across five functions: Identify, Protect, Detect, Respond, and Recover. We identify vulnerabilities, implement protective measures, and establish robust cybersecurity practices.
We conduct thorough reviews of incident detection and response capabilities, empowering your organization to respond effectively to cybersecurity incidents. We help strengthen defences, meet regulatory requirements, and safeguard information from emerging threats, helping our clients build and maintain a secure digital environment.
Security training
Our managed approach provides clients with personalised support from setup through to ongoing monitoring. We provide clients with access to a cutting-edge cybersecurity training platform tailored to our clients' needs and objectives. Committed to fortifying the human element in cybersecurity, we deliver training in eLearning, remote, and onsite formats.
Committed to empowering organisations against cyber threats, our training services deliver a dynamic training experience: access a vast library of resources including phishing simulations and educational content to address cybersecurity challenges and enhance employee vigilance.
In addition to online training, Locked Stack offers remote and onsite sessions led by seasoned professionals. These provide practical insights, hands-on exercises, and opportunities to address specific organizational concerns. Our training fosters collaboration, allowing employees to ask questions, engage in discussions, and receive immediate feedback.
Our executive reporting provides detailed statistics and success/failure rates to highlight the gaps and inform internal training and awareness campaigns.