We simplify PCI compliance for companies running QAD®
 

Trust Center

Integral to our PCI DSS compliance efforts are independent, expert service providers who perform quarterly vulnerability scans, twice-yearly tests of segmentation controls, and annual penetration tests. Additionally, Bright Lion retains a Qualified Security Assessor (QSA) to annually validate our compliance with PCI DSS.

Our PCI DSS Charter

Bright Lion® is committed to providing a safe and secure cardholder environment to our customers, while reducing their compliance overhead for the Payment Card Industry (PCI) Data Security Standard (DSS). Our Zencurity® service includes a solution for securing ecommerce environments and a solution for securing inside sales with P2PE devices. Customers who sign up for the ecommerce service need to comply with PCI Self-Assessment Questionnaire (SAQ) A standards, and customers who sign up for the P2PE device service need to comply with SAQ P2PE standards.

Zencurity includes a patent-pending payment technology and PCI-compliant best-practice standards such as the use of encrypting keypads and key injection services. To build the safe and secure cardholder environment, Bright Lion has executed on the following:

  • Implemented a cyber-resilient culture, one where employees are not only trained on best practices, but also taught to detect and respond to cyber attacks.

  • Documented policies and procedures to accurately reflect the operating standards. Additionally, trained all employees and contractors on the documented policies and procedures.

  • Implemented IT asset life cycle management practices, which involve secure asset disposal.

  • Invested significantly in commercial cyber security tools provided by companies that are leaders in the industry.

  • Implemented a sustainable security operations framework that includes vulnerability identification and remediation, and security monitoring and response.

  • Implemented secure software development techniques, which include secure coding, code analysis and penetration testing.

Bright Lion is a Level 2 Service Provider, and we have performed a self-assessment against SAQ-D, which has been confirmed by our QSA, Online Business Systems. We use an Approved Scanning Vendor (ASV) to perform vulnerability scans and penetration testing.
