Defining the scope of your cardholder data environment (CDE) is the first important step. We need to identify all key payment processes; all storage of card data; all critical systems involved in storing, processing and transmitting card data; all people, processes and technology. Then we work with you to understand current gaps in policies, processes and standards in line with the defined scope.
If you are building a new environment, it may be too early to undertake a gap assessment. Instead, we can review your proposed solution and advise on key PCI DSS fundamentals to consider before completion.
This could be a variety of services including penetration testing, scanning, documentation assistance, ad hoc advice. Or you can do much of this yourself. We won’t try to sell you a whole bunch of services, only offering assistance for essentials.
This may be either a full audit or assisted-self assessment. We provide the documents to you for you to simply sign once compliance is demonstrated.
Once compliant, we also offer quarterly reviews to ensure you not only achieve compliance, but maintain it by reviewing all necessary regular tasks required to maintain a compliant environment.