Our Approach to PCI DSS Advisory and Certification
Initial study
Conduct an initial study of business to understand your card processes, the environment and accordingly consolidate the PCI scope.
Scope Definition
Confirm systems that fall under the PCI DSS scope and formulate the scope statement.
Gap Analysis
Identify gaps in your organization’s security control systems and environment vis-à-vis PCI DSS requirements.
Data Leakage Assessment
Conduct a thorough data leakage assessment of your application and assist in remediation.
Awareness Sessions
Conducts awareness sessions for your IT Team and personnel involved in the card data processing, on a quick background to PCI DSS.
Data & Assets Classification
Identify your information assets across the organization and classify them as per criticality to create an asset inventory.
Risk Assessment
Conducts risk assessment to identify assets exposed to risk and assess how it could impact your organization.
Risk Treatment
Provide you detailed remediation strategies including the recommendation of compensating controls as applicable that can help your organization strengthen its security posture.
Documentation Support
Create policies and procedures as per PCI DSS requirements which are then validated by your team.
Policy role out support
Provide full support to your team in implementing necessary policies for your organization.
User Training
Conduct a User Training program for all personnel covered in scope on their specific responsibilities.
Pre-Assessment
After a reasonable gestation period, our separate team of experts conducts a Pre-assessment (internal audit) of your setup to check whether the suggested measures are implemented and in place.
Audit & Attestation
Once all controls are confirmed to be in place, we help you get attested with our own duly segregated QSA audit team or any external auditors of your choice.
