Compliance Management: PCI Gap Assessment
Do you store, process, or transmit credit card data?
Have you experienced a data breach involving credit card information, or other sensitive corporate or client data?
Are you concerned about your ability to comply with PCI DSS requirements?
The Payment Card Industry (PCI) Data Security Standard was developed by American Express, Discover Financial Services, MasterCard, and Visa to provide a common framework for handling credit card data. It requires organizations that handle credit card information to build and maintain secure network infrastructures and data handling processes.
Even if you're not required to be compliant with PCI, many organizations compare themselves against the PCI criteria to proactively assess the security and privacy of their data within their organization and during external transmissions.
Are you ready for PCI certification?
Our PCI Gap Assessment program discovers the deficiencies in your policies and practices, network infrastructure, and data systems prior to completing a PCI DSS audit. We will identify any gaps that may exist between your current state and the Compliance Requirements so that you can mitigate these before actual PCI certification testing.
Service Description
During the engagement, Digital Defence will use interviews, on-site inspections, and technical tools to complete our audit. Digital Defence will work with you throughout the compliance planning process—providing advice and consultation on the PCI data standard and compliance requirements, analyzing project scope, and serving as your advocate with credit card companies. In addition, the following activities will be performed:
- Identify your compliance requirements, and prepare an assessment checklist to guide the audit;
- Conduct a review of your security and privacy policies and practices;
- Prepare a data flow analysis, fully documenting where critical data are being gathered, analyzed, transmitted and stored;
- Conduct a technical audit of your network architecture; special attention will be paid to your firewall and other security devices;
- Conduct a vulnerability assessment and penetration test of the network, applications, and source code; and,
- Identify all gaps between your present state and the PCI compliance requirements.
Using a Project Manager who specializes in security projects, Digital Defence will provide full remediation assistance to address the gaps and achieve auditable compliance with all of the PCI standard.
When the PCI pre-audit has been completed, Digital Defence will continue to work with you to maintain compliance.

