Methodology

Our PCI DSS assessment process

QSAs are the only third-party entities who can officially sign your PCI DSS certification. We service the entire Asia-Pacific region.

What is the PCI DSS?

Scoping/gap assessment

Defining the scope of your cardholder data environment (CDE) is the first important step. We need to identify all key payment processes; all storage of card data; all critical systems involved in storing, processing and transmitting card data; all people, processes and technology. Then we work with you to understand current gaps in policies, processes and standards in line with the defined scope.

Remediation

This could involve a variety of services, including penetration testing, scanning, documentation assistance and ad hoc advice. Or you can do much of this yourself. We won’t try to sell you a whole bunch of services; we only offer assistance for essentials.

Annual assessments

This may be either a full audit or an assisted self-assessment. We provide the documents for you to simply sign once compliance is demonstrated.

Quarterly reviews

Once you are compliant, we also offer quarterly reviews of all the regular tasks required to maintain a compliant environment, so that you not only achieve compliance but maintain it.