Know your PCI shortcomings.
Whether you're just getting started on the road to PCI Compliance or you're already well-traveled, a PCI Gap Analysis is an effective and efficient way to take stock of your position. The PCI Gap Analysis gives you a holistic view of your organization's current compliance state and the steps it's taking today to achieve compliance with the standard. We compare your current security controls with those required by the PCI Data Security Standard, resulting in a list of "gaps" or PCI DSS requirements that are not currently in place.
Mind the gaps.
As an invaluable first step, an expert assessor from ControlScan will work with you to define and verify your card data environment (CDE). Your CDE may include point-of-sale terminals and servers, e-commerce sites, and even part of your customer contact center. Understanding the scope of your environment that impacts card data security is critical to an efficient and effective PCI compliance program. As part of this analysis, we'll deliver a detailed network diagram that satisfies a key PCI requirement and is core to your ability to respond to a data security incident.
Once the scope of your card data environment is established, the project proceeds with an evaluation of the PCI DSS requirements as they apply to your CDE. The ControlScan assessor will work side-by-side with your team to establish agreed upon approaches for sampling and testing, and identify where controls must be put into place or strengthened in order to meet PCI requirements and security best practices.
The project will result in a set of deliverables that provides you with a full understanding of your current compliance state and a detailed set of recommendations and options for remediating gaps, reducing PCI scope and ultimately achieving PCI compliance. You may see real savings as you optimize your security controls and shrink your card data environment!