TBG Security: Information Security Consulting

PCI Readiness Assessment

It’s Audit Time!

Remember all the things you used to do in college to prepare for final exams? You took preparation quizzes and reviewed only the topics you knew would be on the exam, and you usually passed. Preparing for a Payment Card Industry Data Security Standard (PCI DSS) audit is not that different. But in the real world, you may be tested on items that aren’t on the exam. Remember, it’s ultimately to your benefit to pass a PCI audit.

As a part of the compliance process, most Level 1 merchants will conduct a pre-assessment audit prior to the official PCI audit to discover and remediate problems before they turn up in the real audit.  These pre-assessments not only help build a baseline to ensure that compliance is achieved as efficiently as possible, but can also highlight findings that may be a liability for the company if not handled properly.

To help you better understand the steps you need to take to be compliant, we offer several PCI audit pre-assessment services. You’ll receive specific remediation recommendations, giving you an opportunity to fix the problems they address prior to your official audit.

 

Site Assessment

Site assessment involves discovery of all the items that are considered relevant by PCI/DSS v1.2 and documenting them in preparation for scoping and audit execution. Site assessment may be executed partially off-site through telephone interviews and policy reviews, and partially on-site via physical inspections and verification of data collected during off-site reviews.

Readiness Analysis

After the site assessment, our team continues with their “mock audit,” executing the complete PCI Certification Audit process including the development of a PCI deficiency report.  The application layer requirements of PCI/DSS v1.2 can be particularly confusing for organizations and we can help you understand where you may fall short of compliance.

Remediation and Validation

Whether we have conducted a mock audit or you’ve executed the self-assessment, we can help you build a roadmap toward compliance with PCI remediation recommendations that will unblock the compliance issues in each area. Certain groups within your organization may require technical training, while others may have an interest in security assessments for mission-critical applications. These education and assessment services are available to you as additional value-added solutions.

Certification

Once you’ve been through the readiness process, you’re ready for the all-important final exam: The Audit. We don’t just turn you over to a QSA to go through the process alone. TBG Security has partnerships with a number of QSA firms, and we’ll be there every step of the way to guide you through the final audit process. When necessary, we’ll prepare or provide the documentation needed to meet the PCI Security Council standards for compliance.

How You Benefit:

Know Your Compliance Profile: You’ll know before a QSA audit where your company stands and have a chance to avoid costly fines.

Demonstrate Your Controls: You’ll know that your security controls are implemented correctly, operating as intended and producing their desired outcome.

Avoid A Lawsuit: You will have confidence that your company has put controls in place to avoid a breach of your customers’ information.

For more information on how TBG Security can help your organization reach PCI compliance, call us directly at 877.233.6651 ext. 704.
