Organizations can engage PCG in multiple ways to help your business, technical and leadership teams navigate the arduous process of achieving or maintaining PCI Compliance.
What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) was developed to address cardholder data security risks and to facilitate the broad adoption of consistent practices. The standard is mandated by the card brands (Visa, MasterCard, etc.), and payment processors require merchants to demonstrate compliance or to submit a remediation plan for approval. Failure to be PCI compliant exposes your customers to unknown security vulnerabilities, while merchants risk stiff financial penalties and damage to their brand reputation and customer loyalty.
HOW CAN PCG HELP?
Contact PCG today at 1.800.731.7153 to discuss your PCI Compliance needs and objectives and to schedule your complimentary discovery session.
PCI Readiness Assessment:
PCG evaluates the scope of PCI remediation required and works with your business and technical leaders to prioritize and align it within your enterprise project portfolio management (PPM) framework.
- Evaluate – Perform a PCI risk and scope evaluation by identifying and documenting inbound and outbound card data channels – card-present (POS) and card-not-present transactions (e-commerce, call centers, fax, email, postal).
- Scope – Evaluate current channels, supporting environments (technology and physical) and the controls in place to protect cardholder data. This activity concludes with an inventory and gap analysis.
- Prioritize – Work with business and technical partners to understand your PPM framework to align and prioritize the PCI initiative within your portfolio.
PCI Remediation Program Design
A ‘best-fit’ PCI remediation program model will be tailored for your organization. We will work with your business, technical and leadership stakeholders to form a cross-functional solutions team that evaluates potential technical and business process solutions. Outputs of this workstream include an executable framework and a detailed project plan.
- Define – Determine the desired SAQ type (e.g. SAQ A, SAQ A-EP, SAQ D), which follows from decisions such as outsourcing or internally managing the storage, processing or transmission of cardholder data.
- Solution – Establish solutions that achieve the desired SAQ type, for example micro-segmentation, a payment processor gateway providing credit card tokenization, P2PE, or telephony technologies that mask sensitive cardholder data.
- Plan – Define team structures, roles and responsibilities, the work breakdown structure, and order-of-magnitude timelines and budget. This may include executing a basic RFI process or other relevant analyses (e.g. incremental operational costs) as required for estimating purposes.
PCI Remediation Program Management
Our best-in-class Project Managers and Program Managers are dedicated to delivering world-class results in a faster, smarter and more cost-effective manner. PCG will draw on its 20 years of experience to ensure program success.
- Execute – Oversee and manage the remediation work required (scope), deliver the work on time and within budget, and manage the organizational change management process.
- Control – Manage issue and risk resolution, escalating where required. Implement and manage the change request process.
- Attest – Once remediation work is complete, PCG can facilitate the assessment work required to obtain your Attestation of Compliance (AOC). Depending on your organization’s transaction volume, the assessment may be completed by an external Qualified Security Assessor (QSA), by your organization’s Internal Security Assessor (ISA), or through a Self-Assessment Questionnaire (SAQ).