Prior to coming on site, SecureState will introduce all of the participants in the engagement, define each person's roles and responsibilities, and review the high-level activities for the engagement.
We will also establish the time frame for onsite activities, and set up a collaborative portal.
As part of the PCI assessment, SecureState collects and reviews all required documentation related to PCI compliance, including information security policies and procedures, the incident response plan (IRP), network and system configuration standards and reports, periodic testing results (e.g., ASV scans, penetration testing, internal vulnerability scans), and other associated evidence, prior to the required on-site portion of the engagement. SecureState will document and align PCI requirements with collected client documentation, identify potential issues, and provide results back to the client, requesting any additional documentation if areas of concern or noncompliance
Once SecureState is on site, we will validate the scope and confirm that required controls are in place in accordance with PCI DSS Standards. We will thoroughly analyze and document the existing controls used to protect cardholder data (CHD). Additionally, we will identify opportunities to mature your overall compliance program.
SecureState will document all of our efforts exhaustively, including reviewing the systems and network components within the cardholder environment. Our consultants will review and confirm scoping limitations to the PCI cardholder data environment (CDE) while also highlighting our interviews with key personnel on compliance activities.
Upon completion of the on-site assessment, the SecureState team will analyze the evidence provided to validate controls as being compliant. They will document findings within the PCI SSC-defined Report on Compliance (RoC) template.
Upon completion of requirement validation, SecureState will deliver the RoC and associated Attestation of Compliance (AoC) for review and countersignature. SecureState will also complete required submissions to the defined organizations for service providers. SecureState will then hold a closing call to recap the assessment and discuss areas for compliance program improvements.