Who is this service for?
Customers who already report on their PCI Compliance, through self-assessment or onsite assessment from a QSA company:
- Discussing changes to the environment and the impact this will have on compliance requirements;
- Reviewing payment channels and their transactional volumes to confirm the correct SAQs are being completed.
Customers who are new to PCI compliance and need to know what to do next:
- Identifying the correct SAQ that needs to be completed;
- Reviewing current payment channels and their interactions with the environment;
- Providing de-scoping support to reduce the burden of compliance.
What are the benefits?
A considerable amount of time can be spent in remediation, due to common issues with the self-assessment or onsite assessment:
- Changes to the CDE (Cardholder Data Environment), invalidating the current scope of PCI DSS compliance, meaning controls are not in place for all in-scope people, processes and systems;
- Engagement with a third party to outsource services, which may bring that provider into scope for parts of the customer's own compliance;
- Implementation of new internal services without considering PCI compliance requirements, which should be built into their design to simplify ongoing compliance.
What happens next?
IntaForensics will arrange a review call with one of our QSA team to ensure your requirements are properly met. This in turn will identify if the work is suitable for a remote engagement, or would be better addressed with an on-site visit.
Any existing network and data flow diagrams that are available are reviewed before any engagement to ensure the QSA team are able to begin addressing requirements when the visit or remote call starts.