Certification Success of a Premier Portuguese Financial Institution

A Portuguese financial institution faced significant challenges in obtaining specific certifications within a complex and chaotic environment. By implementing Governance, Risk, and Compliance (GRC) and Regulatory Technical Standards (RTS) activities, the institution successfully acquired all the necessary certifications. This strategic approach not only facilitated certification but also transformed the organization, resulting in a smoother and more structured operational system.

THE CHALLENGE

A large Portuguese financial institution encountered significant challenges in obtaining critical certifications. These included the Payment Card Industry Data Security Standard (PCI DSS) certification for a major bank in Portugal, as well as the PCI DSS certification for over 30 merchants affiliated with the institution.

THE SOLUTION

Given the size and complexity of the organization, these challenges were addressed through a combination of GRC activities (scope and gap analysis, remediation plans) and RTS activities (penetration tests, external and internal scans, ASV scans, Wi-Fi tests, and segmentation tests).

THE BENEFITS

After ensuring compliance with regulatory requirements and evaluating cyber defenses, the institution succeeded in obtaining the first PCI DSS certification for the major bank in Portugal. This achievement involved delivering a Report on Compliance (RoC) and an Attestation of Compliance (AoC). Additionally, the organization obtained PCI DSS certification for more than 30 merchants. The process also revealed RTS opportunities related to testing and scanning (cross-selling) and initiated a long-term project, enhancing the company's reputation in the market.

Copyright © Convergia 2024. All rights reserved.