
Hospitality

IT GRC with a Smile

Restaurants and hotels are fast-paced, complex businesses in which protecting sensitive data and managing IT risk is challenging. You can't serve your customers without processing credit cards, and in many cases without storing information about them in a loyalty system. Yet there is an ever-present risk of payment fraud, consumer privacy violations and business disruption from cyber attack.

A well-run IT governance, risk and compliance (IT GRC) program will help you manage these risks and comply with data privacy laws and standards such as the PCI DSS. It will also help you safely adopt new technologies that move your business forward, while building a culture of security awareness across your organization, and especially among front-line employees.


A Menu Full of Options

The good news is that there are proven solutions that reduce these risks: network segmentation and management tools, validated payment applications, tokenization and encryption solutions, logging and monitoring services, and many more, not to mention a long list of consultants who can help you implement them. But how will you decide which solutions are right for your business?

Serving You, Not Ourselves

Coalfire was founded in 2001 and is now the leading independent IT GRC firm, and Qualified Security Assessor (QSA), serving the hospitality industry. Our client list is a veritable 'who's who' of the restaurant industry.

Many of our clients have chosen Coalfire because of our knowledge of their POS applications (Coalfire is also the largest independent PA-QSA). Others partner with Coalfire because they want to be sure that the advice they are getting is completely independent and unbiased: Coalfire does not sell security solutions, nor do we accept fees from those who do.

Each client comes to understand that our goal is not simply to put a 'check in the box' on a compliance report, but rather to help them develop a balanced, cost-effective GRC program that gives them the information they need to make the decisions that are right for their business.

Coalfire Can Help

Often it makes sense to start with a comprehensive IT Risk Assessment, which will help you identify and prioritize all the risks you are responsible for managing. If you are a large organization that needs a formal, independent assessment, as required by your processor, our Report on Compliance (ROC) service is the right place to start. If you are a small merchant completing a Self-Assessment Questionnaire (SAQ) and would like to measure your compliance on your own, consider our Facilitated Self Assessment service. Finally, if you simply want best-in-class tools to assess your business and build your own reports, consider our Navis services. Wherever you are on your IT GRC journey, Coalfire is the right partner.