“RSI Security helped us get policies and procedures ready, set us up to gather the evidence we needed, and then facilitated every step of the PCI assessment.”
- Guido Solares, Director of Information Security
Challenges
Tilly’s is a specialty retailer of casual apparel and accessories founded in 1982 and rooted in Irvine, California. Tilly’s focuses on emerging global and California-based brands targeting active and social lifestyles, and it currently operates 244 stores across 33 states.
Tilly’s e-commerce presence helps consumers across the country access iconic styles at affordable prices, regardless of their location. To better serve its customers across the US, Tilly’s set out to improve its e-commerce platform with greater security and data privacy, including seamless compliance with the Payment Card Industry (PCI) Data Security Standards (DSS).
Maintaining PCI compliance requires robust security program management, including ongoing assessment and risk management, along with document preparation and audit readiness. Tilly’s sought out a managed security service provider (MSSP) to optimize its cyberdefenses.
“RSI Security helped us get policies and procedures ready, set us up to gather the evidence we needed, and then facilitated every step of the PCI assessment.”
– Guido Solares, Director of Information Security
Security Advisory
RSI Security began Tilly’s advisory phase by reviewing all current security procedures and determining the scope of PCI implementation required. Some adjustments were made to Tilly’s security architecture to simplify control implementation and reduce overall assessment burden.
“During the advisory phase we uncovered a couple of hurdles,” Guido recalls. “We had a lot of different departments and people complicating IT communication…a lot of processes needed to be improved or implemented.”
Compliance Assessment
RSI Security conducted the PCI assessment and prepared all necessary paperwork for Tilly’s to achieve compliance. This required documentation of how each requirement was being met, with diligent Self Assessment Questionnaire (SAQ) and Attestation of Compliance (AOC) reporting.
Guido says: “Having a plan and documentation in place made the assessment much less challenging than it was last year. It’s the reason we go through it all…for clean assessments with no findings. RSI Security made it much easier to achieve PCI compliance for Tilly’s.”
Managed Services
After the assessment, RSI Security continued to assist Tilly’s through a managed security program. RSI Security manages monthly and quarterly assessments and log reviews, leading up to quarterly consultations to make sure Tilly’s sustains long-term compliance and security.
“RSI Security’s managed services provide a way to spread the workload out, making sure the actual compliance audit gets done quicker and with lower costs. They worked with us to make sure all the follow-up audits were dealt with,” says Guido.
Outcome
With RSI Security’s help, Tilly’s was able to complete their PCI assessment well before the deadline, with no findings or additional adjustments needed. Tilly’s now sports a robust, efficient cybersecurity program that maximizes data privacy and integrity while also alleviating burdens across their technical staff. Policies and procedures are clear and easily accessible, and evidence is documented and ready to streamline all future PCI compliance assessments.
RSI Security’s managed services ensure that Tilly’s cybersecurity program operates efficiently with workloads spread out evenly across regular intervals. That way, audits are quicker and less expensive, and areas like training are easily replicable and scalable for ongoing cybersecurity.
“RSI Security’s managed services make everything easier on our staff. We saw a huge improvement for tech staff across the board, as that part of their work is now managed throughout the course of the year instead of dumped on them all at once.”
- Guido Solares, Director of Information Security
LATEST
Case Studies
Tilly’s Case Study
“RSI Security helped us get policies and procedures ready, set us up to gather the evidence we needed, and then facilitated every step of the PCI assessment.”
Power Digital Case Study
“Constant communication. Weekly meetings. Went out of their way to be minimally intrusive to our business.”
Meltmedia Case Study
“RSI Security was the best conversation, had the most appropriate pricing, and was just the right amount of invasiveness for our organization.”
WorkWave Case Study
“We didn’t really have a ton of experience in payments compliance, But the RSI Security team was always patient with us, explaining what we needed. It really felt like they were along with us at every step to make sure we were successful.”
Finix Case Study
“With RSI Security, we feel like a valued client, not just another name in a book of customers. And that means a lot, especially when working with a small, but growing, company like Finix.”
CUSTOMERS
Organizations that trust RSI Security
