Drummond Group, LLC

Speciality: Networking Pentesting

Durham, United States 53 employees
[01] About

Drummond Group, LLC is a private IT services and consulting company based in Durham, North Carolina, specializing in compliance, conformance, and standards certification, testing, and validation for regulated industries. The firm provides a full spectrum of penetration testing services, including networking, social engineering, red teaming, web application, and physical testing, with a focus on cybersecurity and compliance. Founded in 1999, it employs 26 staff and reports $9 million in annual revenue, establishing itself as a reliable and impartial partner in standards and cybersecurity assessments.

Drummond is a leading and trusted compliance, conformance, and standards certification, testing, and validation services provider. With over 25 years of experience, we have established ourselves as a reliable and impartial partner for organizations in highly regulated industries. Our comprehensive suite of services is tailored to meet our clients' specific needs, helping them navigate complex regulatory landscapes, adopt standards, and strengthen their security posture. Our services support the following mandates, standards, and best practices: ONC Health IT, DEA EPCS and CSOS, FHIR, PCI DSS, HIPAA, B2B EDI, AS2, AS4, ebMS, FTC Safeguards, SOC, GDSN, EPCIS, Risk Assessments, Threat Identification, and more.
[02] Services
Compliance Certification
Conformance Testing
Standards Certification
Validation Services
Penetration Testing
Security Assessments
Advisory Services
Cybersecurity Threat Identification
Health IT Compliance & Security
Data Security & Compliance
Supply Chain & B2B Compliance
PCI Assessments
HIPAA Assessments
EPCS Certifications
[03] Certifications
ONC Health IT Certification
HIPAA Assessments
EPCS Certification
PCI DSS

PCI DSS Certification


Origin


The Payment Card Industry Data Security Standard (PCI DSS) was created in 2004 by the major credit card companies: Visa, Mastercard, American Express, Discover, and JCB International. These companies formed the PCI Security Standards Council in 2006 to manage and evolve the standard. PCI DSS was developed in response to increasing credit card fraud and data breaches, establishing a unified set of security requirements for all organizations that store, process, or transmit cardholder data. The goal was to create consistent security measures across the payment card industry to protect sensitive payment information.


Industry Value and Importance


PCI DSS compliance is mandatory for any business that handles credit card transactions, making it one of the most critical security standards in commerce today. The certification demonstrates that an organization has implemented robust security controls, including network protection, access management, encryption, and regular security testing. Non-compliance can result in severe consequences, including substantial fines (up to $100,000 per month), increased transaction fees, loss of payment processing privileges, and reputational damage following a breach. For IT professionals, PCI DSS expertise is highly valued as organizations across all industries need qualified personnel to implement, maintain, and audit these security controls.

DEA EPCS Compliance
[05] Notable Clients
  • Bravado Health
  • IntrinsiQ Specialty Solutions
  • AWWA
  • Office Practicum
  • Legisym
  • Fire.ly
  • Sovereign Pharmaceuticals
  • LedgerDomain