Payment Card Industry (PCI) Data Security Standard Compliance Assessment

Protecting Consumers’ Credit Card Information

The Payment Card Industry (PCI) Data Security Standard is a mandatory security standard for all businesses that handle transactions using major branded credit cards, including Visa, MasterCard, American Express, Discover, and JCB. It’s designed to help businesses protect customers’ payment card information. We can help make sure that your business is in compliance with PCI standards using the Sage PCI Compliance Assessment.

The Sage Methodology

Our methodology has two phases. In Phase I, we identify and inventory the computers, devices, and lines (the “target systems”) that process, store, and/or transmit cardholder information. We then diagram and describe each transaction type to determine the scope of Phase II.

In Phase II, we assess the security posture of your target systems and supporting infrastructure against the requirements of the standard to identify gaps in compliance. Our assessment is based on the current PCI Data Security Standard 3.2, which focuses on twelve distinct categories, all of which we address in detail. Once any required remediation steps have been taken, we may assist with the completion of the necessary Self-Assessment Questionnaire (SAQ).

Reports and Recommendations

After we identify and inventory your target systems in Phase I, we will provide:

  • Detailed target system documentation, including location, data type, purpose, and ownership.
  • Information flow diagrams for your target systems.

Once our Phase II assessment is complete, we will provide:

  • An executive summary containing an explanation of the category-level PCI requirement and a synopsis of our findings.
  • A compliance report, which details our findings for each subcategory and associated controls, along with the compliance status for each.

Our compliance report becomes the basis for the PCI Data Security Standard Self-Assessment Questionnaire, a validation tool that addresses the twelve compliance categories and their associated controls. We will incorporate our findings from Phase II into the Self-Assessment Questionnaire as a means of obtaining PCI compliance certification once any necessary remediation steps are completed.


The Sage Data Security Cybersecurity Lifecycle

Cybersecurity isn’t a destination.

There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resilience – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that complement and reinforce one another.
