Maintain PCI compliance

Tilly’s Case Study

RSI Security helped us get policies and procedures ready, set us up to gather the evidence we needed, and then facilitated every step of the PCI assessment.

compliance

“RSI Security helped us get policies and procedures ready, set us up to gather the evidence we needed, and then facilitated every step of the PCI assessment.”

- Guido Solares, Director of Information Security

Challenges

Tilly’s is a specialty retailer of casual apparel and accessories founded in 1982 and rooted in Irvine, California. Tilly’s focuses on emerging global and California-based brands targeting active and social lifestyles, and it currently operates 244 stores across 33 states.

Tilly’s e-commerce presence helps consumers across the country access iconic styles at affordable prices, regardless of their location. To better serve its customers across the US, Tilly’s set out to improve its e-commerce platform with greater security and data privacy, including seamless compliance with the Payment Card Industry (PCI) Data Security Standards (DSS).

Maintaining PCI compliance requires robust security program management, including ongoing assessment and risk management, along with document preparation and audit readiness. Tilly’s sought out a managed security service provider (MSSP) to optimize its cyberdefenses.

“RSI Security helped us get policies and procedures ready, set us up to gather the evidence we needed, and then facilitated every step of the PCI assessment.”

– Guido Solares, Director of Information Security

download

Security Advisory

RSI Security began Tilly’s advisory phase by reviewing all current security procedures and determining the scope of PCI implementation required. Some adjustments were made to Tilly’s security architecture to simplify control implementation and reduce overall assessment burden.

 

“During the advisory phase we uncovered a couple of hurdles,” Guido recalls. “We had a lot of different departments and people complicating IT communication…a lot of processes needed to be improved or implemented.”

Compliance Assessment

RSI Security conducted the PCI assessment and prepared all necessary paperwork for Tilly’s to achieve compliance. This required documentation of how each requirement was being met, with diligent Self Assessment Questionnaire (SAQ) and Attestation of Compliance (AOC) reporting.

 

Guido says: “Having a plan and documentation in place made the assessment much less challenging than it was last year. It’s the reason we go through it all…for clean assessments with no findings. RSI Security made it much easier to achieve PCI compliance for Tilly’s.”

lock-red

Managed Services

After the assessment, RSI Security continued to assist Tilly’s through a managed security program. RSI Security manages monthly and quarterly assessments and log reviews, leading up to quarterly consultations to make sure Tilly’s sustains long-term compliance and security.

 

“RSI Security’s managed services provide a way to spread the workload out, making sure the actual compliance audit gets done quicker and with lower costs. They worked with us to make sure all the follow-up audits were dealt with,” says Guido.

Outcome

With RSI Security’s help, Tilly’s was able to complete their PCI assessment well before the deadline, with no findings or additional adjustments needed. Tilly’s now sports a robust, efficient cybersecurity program that maximizes data privacy and integrity while also alleviating burdens across their technical staff. Policies and procedures are clear and easily accessible, and evidence is documented and ready to streamline all future PCI compliance assessments.

RSI Security’s managed services ensure that Tilly’s cybersecurity program operates efficiently with workloads spread out evenly across regular intervals. That way, audits are quicker and less expensive, and areas like training are easily replicable and scalable for ongoing cybersecurity.

casestudy

“RSI Security’s managed services make everything easier on our staff. We saw a huge improvement for tech staff across the board, as that part of their work is now managed throughout the course of the year instead of dumped on them all at once.”

- Guido Solares, Director of Information Security

LATEST

Case Studies

Epic Games Case Study

Macomb Community College Case Study

Lumistry Case Study

Tilly’s Case Study

RSI Security

Power Digital Case Study

Meltmedia Case Study

WorkWave Case Study

Finix Case Study

CUSTOMERS

Organizations that trust RSI Security

samsung
Screenshot 2023-10-13 142906
Epic
PowerDigital_SecondaryLogo_Transparent_Black_67181
Tenet
cisco-impact
Workwave-1
sandag
tarleton-state-university-logo-freelogovectors.net_
Island
Rady_Childrens_Hospital_logo.svg
Seal_of_Beverly_Hills_California.svg
century-club-sd