PCI DSS Readiness Assessments
PCI DSS readiness reviews, gap analysis procedures, and other readiness assessments are a great way to learn about an organization’s policies, procedures, processes, and practices relating to the Payment Card Industry Data Security Standards (PCI DSS) provisions. Diving right into PCI and trying to obtain certification, particularly for the Level 1 onsite assessments, is generally not recommended, for some obvious reasons. Because PCI is prescriptive in nature (the requirements are relatively well-defined), it quickly becomes apparent that organizations simply do not have the necessary controls and related elements in place to be compliant, at least not initially. The best advice is to crawl before you walk, which means undertaking a comprehensive PCI DSS readiness review, assessment, and gap analysis “fact finding” mission before the actual assessment process. It is an extremely beneficial and noteworthy endeavor, one that sheds light on various areas within an organization and the notable deficiencies in relation to the PCI DSS mandates.
Purchase and immediately download your PCI Policies Packet today for SAQ A, B, C, C-VT, D, P2PE-HW, and Level 1 onsite assessments.
PCI DSS Readiness Reviews | A Highly Beneficial Process for Ensuring Timely Compliance
pcipolicyportal.com recommends using the services of a trained and licensed Payment Card Industry Qualified Security Assessor (PCI-QSA) to perform such an engagement, such as QSA Charles Denyer, who can be reached at 214-298-8532. Originally from Texas, Charles works all around the country helping merchants and service providers with PCI compliance, performing readiness reviews along with Level 1 onsite assessments. Charles has also provided the following brief list of the 10 most common challenges and problem areas organizations face when undertaking PCI compliance:
- Provisioning, hardening, securing and locking-down all in-scope “system components”
- Two-factor authentication
- Web application firewall (WAF)
- Audit trails and logging
- Log Server | Syslog
- File Integrity Monitoring
- Intrusion Detection Systems (IDS)
- Policies and Procedures
- Operational Commitments
Regardless of which PCI mandate is calling your name, from the Self-Assessment Questionnaires to Level 1 onsite reporting, they all require documented PCI policies and procedures, which pcipolicyportal.com provides (for SAQ A, B, C, C-VT, D, P2PE-HW and onsite assessments). Learn more about the PCI compliance certification process for the self-assessment questionnaires, along with the PCI certification process for Level 1 onsite assessments. Additionally, join pcipolicyportal.com for our free webinars, where we discuss important issues, topics, and challenges relating to the Payment Card Industry Data Security Standards (PCI DSS) provisions. You can also contact Chris Nickell at firstname.lastname@example.org, or at 1-800-277-5415, ext. 706, to learn more about PCI services.