- Client Login
Office Closed: Be aware that the Delap physical office is closed for renovations. Click here to learn more.
Security and compliance are not synonymous. Compliance should be a side effect of well-designed security controls. Using a risk-based gap analysis approach, our professionals assist clients globally as they walk through the often muddy waters of compliance and regulatory requirements. Whether requirements come from national or international standards or other regulatory bodies, the focus remains on security.
PCI DSS stand for the Payment Card Industry Data Security Standard and was adopted by the payment card brands for the protection of cardholder data being processed, stored, and/or transmitted.
Since 2000, the Payment Brands and Payment Networks have mandated security compliance reviews to ensure member financial institutions maintain the highest level of network security.
The Statement on Standards for Attestation Engagements Number 18 (SSAE 18) was issued by the AICPA for reporting on controls at a service organization.
There are likely numerous audits or internal assessments that your business units or stakeholders have requested, and while completion would provide management with valuable decision-guiding data, you just don’t have the capacity to complete them all in a timely manner.
Let us enable your team to stay on top of that pile of requests, by leveraging our experience to facilitate and drive initiatives on your behalf. You’ll get clarity on information security and regulatory compliance locally and internationally.
Develop and/or assist with development of audit programs/processes.
Provide external/independent, targeted assessments to provide deep-dive analytics on specific challenges.
Provide resource augmentation for strategic internal audits.
Quarterly onsite meetings or conference calls to discuss industry updates, review internally developed IT audit programs, discuss developments in relevant standards/regulations, etc.
Develop a tailored audit program that addresses key risk and compliance objectives. Include external risk reporting to evaluate if an acquisition prospect has any significant risks before allowing them to connect to corporate.
Delap training covers various facets of retail payment security. With a focus on protecting the cardholder authentication, the classes cover TR-39 concepts and controls for symmetric and asymmetric encryption as outlined in current ANSI Standards and PCI PIN Security Requirements. See course descriptions for more information.
We can provide custom training classes to assist companies in assessing compliance with PCI DSS requirements and other cybersecurity related risks. Our training helps customers evaluate risks related to security as they seek to comply with industry requirements and prioritize their cybersecurity strategy.
Delap has been providing both public and private classes, domestically and globally, since 1997. Learn more about our history here.
| Principal | CTGA | QPA | CISM | CISA
Andrea has spent over 20 years in the financial services industry, cultivating and narrowing her technical expertise to focus in PIN Security and Key Management related to POS and ATM transactions. She developed and implemented the most extensive Processor‑driven PIN Security and Key Management compliance reporting program in the retail banking industry. As a subject matter expert, she provides risk review and consulting services to banks, processors, merchant processors, device manufacturers, certificate authorities, remote key delivery hosts, and key injection facilities in the U.S. and internationally.
Andrea is vice chairperson of the ASC X9F6 Working Group, serving as the Technical Editor for the extensive rewrite of ANS X9.24 Part 1, published in 2017. Andrea also serves as a X9 board member and U.S. Expert to ISO TC68 SC2 WG13, involved in development of international versions of security standards.
Delap is registered with the National Association of State Boards of Accountancy (NASBA), as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through their website: www.nasbaregistry.org.