
Contract details

Contract: PCI QSA Review

Details

Buyer:
Cornwall Council
Department:
Customer and Support Services
Title:
PCI QSA Review
Description:
Cornwall Council request quotations for the following:

The QSA will be responsible for the following:

  • PCI DSS Scope Definition: Review the already identified system components, people and processes that store, process, or transmit cardholder data (CHD) and define the complete PCI DSS scope for the Council.
  • Readiness Assessment: Conduct a thorough assessment of the Council's current information security controls and practices against the requirements of PCI DSS v4.0. This assessment should include:
      • Review of relevant policies, procedures, documentation and programs to include the methods for monitoring and management of third-party service providers.
      • Review recently updated internal PCI awareness training materials
      • Evaluation of network security controls, including segmentation and firewalls.
      • Review the data flow diagrams
      • Assessment of system and application security, including vulnerability management and patching.
      • Analysis of data security controls, including encryption and access controls.
      • Review of logging, monitoring and testing practices including unauthorised Wi-Fi networks.
      • Assessment of incident response and business continuity plans.
      • Identify areas where it is appropriate to use sampling whilst ensuring it is representative of the overall scope and complexity of the CDE
  • Gap Analysis: Based on the readiness assessment, identify any gaps or deficiencies in the Council's current controls that prevent compliance with PCI DSS. The gap analysis should provide a clear and actionable roadmap for remediation, including:
      • Prioritization of identified gaps based on severity and risk.
      • Estimation of resources and costs required for remediation.
      • Recommendations for specific corrective actions and timelines.
  • PCI DSS Report of Compliance (ROC) Assistance: Provide guidance and support to the Council's internal team in completing the applicable report for the assessment. This includes:
      • Explaining the requirements of each ROC section.
      • Assisting with data gathering and evidence collection.
      • Reviewing and validating completed ROC for accuracy and completeness.

Information Classification: CONTROLLED

  • PCI DSS Audit Methodology: Develop a repeatable and sustainable approach for future annual PCI DSS audits by the Council's PCI Internal Security Assessors (ISAs). This includes:
      • Documenting the audit methodology, including roles and responsibilities, procedures, and timelines.
      • Providing training and knowledge transfer to the Council's ISAs on PCI DSS audit best practices.
      • Developing audit templates and tools to simplify future audits.

Deliverables

The QSA will provide the following deliverables:

  • A detailed report of the readiness assessment findings, including identified gaps and recommendations for remediation.
  • A prioritised gap analysis report with estimated costs and timelines for remediation efforts.
  • Completed and validated PCI DSS ROC.
  • Documented PCI DSS audit methodology and training materials for the Council's ISAs.
Description of the geographical coverage:
Reference no:
DN720793
Estimated total value:
£41,552.00
Estimated annual value:
£31,350.00
VAT not recovered:
£0.00
Participating organisations:
N/A
Keywords:
N/A
Start date:
23/04/2024
End date:
30/11/2026
Awarded date:
30/11/2026
Awarded value:
£41,552.00
Appraisal date:
Not provided
Review date:
30/09/2026
Initial contract period:
30 months
Total option to extend:
Total contract period:
30 months
Available extensions:
0 with 0 taken
Central purchasing body:
Cornwall Council
Framework:
N/A
Find a Tender (FTS):
No
Process used:
RFQ

Primary contact

Title:
Mr
First name:
Neil
Surname:
Glasson
Email address:
Neil.Glasson@cornwall.gov.uk
Telephone number:
01872322260
Fax number:
Mobile number:

Awarded supplier(s)

Company name Company reg number SME/VCS VCS reg number Contacts Postcode
Claranet limited -
  • - miss Alysha Marshall
WC1V 6JS

Categories

  • 48000000-8 - Software package and information systems

Notes

Public notes:

Custom details

Public attachments


No attachments
