Background
Company (NCMIC) was formed in 1946 by a group of chiropractors with the purpose of offering malpractice insurance to D.C.s when no one else would. The NCMIC Group is unique as it functions as a merchant (insurance company), but also as an Independent Sales Organization (ISO) taking credit card payments. CIO and CRO of the entire NCMIC Group, Eric Madcharo and his team exemplify the company slogan,“We Take Care of Our Own” as they protect sensitive data and comply with PCI DSS.
“In working through audits, it’s a rare-find where the company consistently brings a positive approach to working through issues as opposed to a mind-set of penalties and being punitive in nature. One of the best outcomes we’ve experienced in working with SecurityMetrics is a sense that they are on our side to help us meet and stay PCI compliant. From great folks, to strong communications all lead to an overall positive experience that with their help, we consistently learn and improve our environment.”
Eric Madcharo
CIO and CRO
NCMIC
Challenges You Faced With PCI Compliance
- As the PCI standards have evolved, staying current is a challenge. As with any standard, there is always room for interpretation and options available to meet the goal.
- Working with a partner who is intimately familiar and knowledgeable with all facets of PCI is not always the case. Unfortunately, many companies provide consulting resources that come up short and are not well versed in all of the aspects of operating a complex IT environment and how PCI fits in.
- Finding and working with a partner that not only helps us meet PCI compliance, but provides great customer service and education along the way that results in our own internal folks being better at what they do.
Resolving Challenges With SecurityMetrics
- SecurityMetrics has been a strong and readily available resource to provide guidance on our environment to maintain PCI compliance. When a PCI question or a shift in our technical environment is being contemplated, we won’t hesitate to pick up the phone and reach out to SecurityMetrics for their guidance knowing we’ll get sound and clear advice.
- As NCMIC has worked with SecurityMetrics, we have consistently found the resources assigned to our engagement are top-notch; they consistently bring a depth of experience and knowledge to the table that helps us go through a smooth review process.
- Consistently as we have worked with SecurityMetrics, they are truly committed to helping companies imple- ment and build strong security environments for their technology. During the process, they have helped our staff become more knowledgeable and stronger in meeting the security challenges we face.
Goals Achieved Working With SecurityMetrics
- Received a passing Report on Compliance that gives us the ability to demonstrate full compliance to partners, customers, etc.
- Restrict access as much as possible to sensitive data in our environment.
- Found a reputable, helpful, and responsive partner to assist with ongoing PCI and data security questions and implementation.