Crimson Security Inc. is an information security compliance and assessment firm established in 2002 by a group of security professionals. Crimson is a privately held corporation and has been a PCI QSA company since the beginning of the program in 2006. Crimson has conducted on average around 40 assessments per year since then.
Crimson has worked with companies of different sizes, functions and structures. Some atypical examples include global telecommunication companies, hosting companies with high levels of virtualization, SaaS service providers, media companies, service provider and customer combinations, banks, airline companies, collection agencies and others, with complex networks, atypical application architectures, unique interoperations with their clients and vendors, and sophisticated infrastructures.
Crimson QSAs all have over 20 years of experience and all hold security certifications such as CISSP and CISM. Our QSAs are CISSPs, are training as ISO 27001 Lead Auditors, and hold other certifications such as SANS GIAC. We have never had a QSA employee placed in remediation.
Crimson Security has a secure portal that manages the information and enables report generation. Reports are delivered over our encrypted channel (256-bit) or in a secure, encrypted manner over any secure channel that our clients prefer.
At Crimson, we are flexible and customize as needed. We believe that the assessment is a consultative and collaborative exercise to ensure compliance, and we work with our clients to achieve this.