PCI DSS preparation program

PCI DSS requirements can look excessive in places, and keeping up with each new version of the standard without external support is a real challenge. In our experience, even interpreting the requirements correctly can be difficult. That is why we provide professional end-to-end support to our customers, starting with the first step: PCI DSS preparation.

In the PCI DSS preparation phase we support our customers with the high-level services below:


Project preparation and scoping
  • Determining the customer's role and its PCI DSS reporting obligations
  • Surveying the operational environment and collecting information
  • Identifying the main areas that require preparation sub-projects
  • Identifying the areas that fall outside the scope, with concrete proposals for reducing the scope

PCI DSS preparation strategy
  • Defining strategic goals and development initiatives
  • Drafting the project preparatory document, which supports cost and staffing planning
  • Determining the main project milestones and decision points, and preparing the project schedule
  • Result: a high-level strategic plan for management

All-inclusive Gap analysis

The most important milestone of the preparation phase is the Gap analysis. Together with the customer's own specialists, we conduct an extensive investigation of the Cardholder Data Environment (CDE) against the PCI DSS requirements. The output is a record of the deficiencies, non-compliant elements and discrepancies relative to the latest version of PCI DSS.

During the Gap analysis the following activities will be carried out:
  • Definition of the Cardholder Data Environment (cardholder data matrix: where cardholder data is stored, processed and transmitted) and the detailed scope of the gap analysis
  • Identifying non-compliant elements:
    • Review of existing policies and of how existing procedures are implemented
    • Review of the technical configuration of network devices and servers in the CDE
    • Initial vulnerability scanning
  • Detailed evaluation and documentation of revealed gaps
The Gap analysis gives the customer a clear summary of its compliance status and of what must be remediated to achieve PCI DSS compliance.


PCI DSS remediation and action plan
  • Proposed solutions for the gaps revealed by the Gap analysis
  • Issuing the Remediation plan document, which lists the steps needed to close each gap
  • Preparing an action plan with the required implementation tasks and milestones
  • Defining compensating controls together with the customer where a requirement cannot be met as written
Where required, the Remediation plan document is submitted to the relevant payment brand.



© AperSky Consulting Llc.