Our approach to ensuring your organization achieves and maintains compliance with the Payment Card Industry Data Security Standard (PCI DSS) follows the standard three-step approach of "Assess", "Remediate" and "Report", expanded into a four-phase approach for enhanced manageability:
- Diagnostics: This phase covers project planning and PCI DSS scoping, which determines which system components fall under the PCI DSS. A Gap/Readiness Assessment is then carried out to determine the level of compliance of the in-scope system components. PCI DSS awareness sessions are also delivered in this phase.
- Design: This phase involves developing a compliance Blueprint to close the gaps identified during the Diagnostics phase, as well as an Improvement Roadmap for improving enterprise-wide security.
- Implementation/Remediation Management: This phase provides guidance on the implementation of controls (documentation, processes, technologies, etc.), together with quality assurance and project management of the gap remediation.
- Compliance and Certification: This phase consists of a compliance and certification audit carried out by our Qualified Security Assessors (QSAs) and a passing external vulnerability scan carried out by our Approved Scanning Vendor (ASV) partner. Before this, a mock compliance audit is performed to confirm that the organization is ready for the certification audit. After certification, ongoing compliance monitoring is provided, along with periodic vulnerability scans and penetration tests.