Normally, when TCT goes into a new client engagement, we like to take a very strategic approach that maps out the entire engagement over the course of six to nine months. Normally, we take the entire engagement methodically and pace it out so that no one has to work an ungodly number of hours each week. Normally.
With the help of TCT Portal, our compliance management software, Transaction Services was able to navigate the compliance waters with tremendous efficiency.
PCI Certification Panic Mode
Here’s how Transaction Services CEO Scott Martin describes the situation.
Before TCT Portal, it was something of a scramble that had several gaps as we came close to our annual audit. It was a fire drill that created anxiety as we pulled together all the information needed to meet the certification deadline.
TCT came in. Through the use of TCT Portal, we have been able to pull all the evidence together, organize it, and ultimately satisfy our QSA without unnecessary drama, or last minute fire drills.
TCT was looking at an astronomically compressed timeframe, and the client certification date was looming. We didn’t have any choice, we simply had to get through the process very quickly.
Pulling off a Small Miracle
The number one priority was to get everything organized, which is where TCT Portal shines.
About ten people on the client side were gathering evidence and sending it up the workflow. Meanwhile, TCT’s crew was simultaneously reviewing evidence and passing it up to the Assessor. At the same time, the Assessor was reviewing items in the TCT Portal and processing items on their end (either closing items out that were complete or moving them back down with commentary on additional evidence required).
TCT Portal allowed 12 to 15 different people to attach evidence, move it up, do reviews, move items down, and close them out — all simultaneously.
In Scott’s words…
The Portal itself was certainly helpful in identifying the fires to put out, and to make sure we were focused on doing the right things at the right time. TCT Portal makes sure that as we get to the point where external Auditors come in, everything is tightened up.
Adam was a real pro — always positive, and a good coach in getting things done and managing the process.
Using the tool and the tracking, and the advice of Adam and his crew, we went through the Assessment in a smooth and highly organized way. And it’s progressively gotten easier as our organization has matured. Using the tool keeps us on track with our compliance obligations.
TCT Portal Takes the Chaos Out of Compliance
We couldn’t have gone through that process in that time frame without TCT Portal. Using the Portal was the only way that we could have stayed sane and kept everything organized.
Transaction Services entered their annual audit and passed the Assessment. From there, we rolled into Operational Mode, which helps to keep engagements normal and sane. That was in 2016, and TCT has been working with Transaction Services ever since.
Here’s what Scott has to say about working with TCT.
We’re a relatively small company and everybody wears a lot of hats. Having an external resource like TCT helps us to be disciplined. When we get down to the quarterly or annual reviews, it’s really a drama-free solution for us in terms of compliance.
TCT Portal helps us keep our ducks in a row, both from a PCI and a SOC-2 perspective. It’s nice to have all our compliance managed in a single portal. The Portal’s mapping capabilities let us upload evidence, and it’s mapped to all of our certifications, lightening the load. Without that capability in the Portal, it would be a much bigger challenge to get through the SOC audit.
Being able to say we’re SOC 2 certified is quite a feather in our cap. It’s an important thing when we’re dealing with clients that are publicly traded with their own infosec groups that have arduous requirements. They take comfort in us having SOC in addition to PCI.
TCT is never one to shy away from a challenge — especially if it means helping a client that’s in a bad spot. We didn’t want to see a business lose its certification, and TCT Portal helped us pull off a small miracle. That, combined with TCT’s capabilities of managing compliance, and being able to offer recommendations of good providers to work with were all factors leading to success.