A PCI Business Process and Segmentation Review is critical to understanding the environment. However, assessments do not mitigate risk; they only identify it.
SecureState’s approach maps out critical business and data flows to determine where regulatory controls have an impact on your business. The assessment aims to
properly identify the cardholder data environment (CDE); identify high-level, program-level issues; interpret the standard; ensure that remediation is cost-justified; and keep our clients up to date
on PCI requirements, threats, and liabilities.
Based on SecureState’s experience, clients can find it difficult to maintain full compliance with PCI DSS requirements throughout the year, often failing due to a lack of consistent and repeatable process implementation or through a change required by the business. Additionally, the true cost of compliance
is not an annual assessment, but the day-to-day implementation and maintenance associated with maintaining compliance. SecureState helps clients implement consistent
and repeatable processes that facilitate integration into your standard operating procedures. This approach allows our clients to get the most value, and have the
most options and flexibility, in meeting the goals of security and compliance.
Before coming onsite, SecureState will help you define your engagement goals, introduce all participants, and define their roles and responsibilities. SecureState will
review the high-level engagement activities with our clients, establishing timeframes for the assessment. SecureState will also set up the MyState collaborative portal,
an online tool used for communicating results with our clients.
Once onsite, SecureState will document the high-level PCI business process and supporting technologies (the ways cardholder data (CHD) is introduced into the environment and where
CHD is stored, processed, and/or transmitted). We will map PCI processes to the supporting technical infrastructure.
Based on analysis of the environment, data flows, and interviews, SecureState will identify program-level issues and potential areas for scope reduction and risk
mitigation. Reports delivered to the client will include the results of our onsite assessments as well as tactical and strategic recommendations, and will help to
define appropriate next steps. SecureState will also provide a high-level remediation roadmap defining the activities that need to be completed to move toward the Desired
State of PCI compliance.