Methodology

Our PCI DSS assessment process

QSAs are the only third-party entities who can officially sign your PCI DSS certification. We service the entire Asia-Pacific region.

What is the PCI DSS?

Scoping/gap assessment

Defining the scope of your cardholder data environment (CDE) is the first important step. We need to identify all key payment processes; all storage of card data; all critical systems involved in storing, processing and transmitting card data; all people, processes and technology. Then we work with you to understand current gaps in policies, processes and standards in line with the defined scope.

Design review

If you are building a new environment, it may be too early to undertake a gap assessment. Instead, we can review your proposed solution and advise on key PCI DSS fundamentals to consider before completion.


Remediation

Remediation could involve a variety of services, including penetration testing, scanning, documentation assistance and ad hoc advice, or you can do much of this yourself. We won’t try to sell you a whole bunch of services; we only offer assistance for essentials.


Annual assessments

This may be either a full audit or an assisted self-assessment. Once compliance is demonstrated, we provide the documents for you to simply sign.

Quarterly reviews

Once you are compliant, we also offer quarterly reviews so that you not only achieve compliance but maintain it. These reviews cover all the regular tasks required to maintain a compliant environment.
