The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard first published in 2004 by the major card brands (Visa, MasterCard, Discover Financial Services, JCB International, and American Express) and governed since 2006 by the Payment Card Industry Security Standards Council (PCI SSC). The Standard aims to protect credit and debit card transactions and cardholder data against theft and fraud. PCI DSS is not a law, but it is a contractual requirement imposed by the card brands and acquiring banks on any organization that stores, processes, or transmits cardholder data. All organizations that accept and process debit or credit card payments are therefore expected to validate their compliance annually, either through a QSA-led audit or a Self-Assessment Questionnaire, depending on their merchant or service-provider level. Validation covers security controls and processes such as data retention, encryption, network segmentation, physical security, authentication, and access management.
Conduct an initial study of your business to understand your card payment processes and environment, and consolidate the PCI DSS scope accordingly.
Confirm which systems and network segments fall under the PCI DSS scope and formulate the scope statement.
Identify gaps between your organization's existing security controls and environment and the PCI DSS requirements.
Conduct a thorough data leakage assessment of your applications (for example, checking for cardholder data in logs, backups, and non-production systems) and assist in remediation.
Conduct awareness sessions for your IT team and for personnel involved in card data processing, giving them a quick background on PCI DSS.
Identify your information assets across the organization and classify them by criticality to create an asset inventory.
Conduct a risk assessment to identify assets exposed to risk and assess how those risks could impact your organization.
Provide detailed remediation strategies, including recommendations for compensating controls where applicable, that help your organization strengthen its security posture.
Create policies and procedures as required by PCI DSS, which are then validated by your team.
Provide full support to your team in implementing the necessary policies across your organization.
Conduct a user training program for all in-scope personnel on their specific responsibilities.
After a reasonable implementation period, a separate team of our experts conducts a pre-assessment (internal audit) of your environment to check whether the recommended measures have been implemented and are operating as intended.
Once all controls are confirmed to be in place, we help you obtain your attestation, either through our own duly segregated QSA audit team or through an external auditor of your choice.
The PCI DSS is an information security standard for organizations that process, transmit, or store payment card details. This typically includes merchants, processors, acquirers, issuers, and service providers that handle sensitive cardholder data.
PCI DSS audit costs for an average-sized company start at $12,000. Pricing depends on several factors, including the type of organization, the number of annual transactions, the payment applications in use, the number of physical locations, whether it is a first-time assessment or a recertification, and any additional services requested.
On average, an end-to-end PCI DSS audit takes 4 to 6 weeks. The overall timeline, however, depends heavily on how long it takes to implement the remediation identified in the gap analysis.
You will receive the audit deliverables: a Report on Compliance (ROC) or a completed Self-Assessment Questionnaire (SAQ), depending on your validation level, together with an Attestation of Compliance (AOC), documenting how your networks and physical environments are protected against threats. On successful completion of the audit you will also receive a PCI DSS Certificate of Compliance, demonstrating your commitment to industry-standard compliance. Note that the PCI SSC itself does not issue or recognize certificates; the AOC is the document that acquirers and card brands accept as evidence of compliance.
PCI DSS compliance validation is valid for 12 months from the date of issue.
As required by the Standard, a PCI DSS assessment must be performed annually, and again whenever significant changes are introduced that may affect the systems and networks in the cardholder data environment.