A PCI Gap Assessment is critical to understanding the environment as it relates to PCI compliance. However, assessments alone do not mitigate risk; they only identify it. SecureState’s approach maps out critical information processes and technical infrastructure to determine where PCI controls have an impact on the business. Based on SecureState’s experience, very few clients maintain full compliance with PCI DSS 3.2 requirements. Additionally, as the organization evolves, business and customer demands require ease of use and cutting-edge technology to drive efficiency. Legacy systems also pose a risk for mature environments. SecureState has outlined the most cost-effective approach to becoming PCI compliant. This approach will allow your organization to get the most value, and have the most options and flexibility, in meeting the goals of security and compliance.
Before SecureState comes onsite, we will introduce engagement participants and define roles and responsibilities. SecureState will help you define your engagement goals, review high-level engagement activities with your key personnel, and establish onsite timeframes. We will also ensure that your MyState collaborative portal has been set up for the secure transmission of documentation.
Once onsite, SecureState will document the PCI business process and supporting technologies, and document the ways cardholder data (CHD) is introduced into the environment. This allows us to identify data elements used when storing, processing, or transmitting CHD, identify where CHD is stored, processed, or transmitted, and map PCI processes to supporting technical infrastructure.
SecureState will then analyze your environment against PCI requirements. We will assess (where applicable) systems that store, process, or transmit CHD, document the existing controls used to protect CHD, and identify gaps against the PCI DSS 3.2 requirements. Additionally, SecureState consultants will help to identify areas where you can improve and streamline your compliance efforts, thereby reducing your overall return on security investment while mitigating risk.
SecureState will prepare a detailed PCI Gap Assessment report, outlining tactical and strategic recommendations to mitigate identified control gaps. SecureState will also provide a remediation plan, reducing time and effort ahead of your upcoming RoC assessment.