Payment Card Industry (PCI) Data Security Standard Compliance Assessment

Protecting Consumers’ Credit Card Information

The Payment Card Industry (PCI) Data Security Standard is a mandatory security standard for all businesses that handle transactions using major branded credit cards, including Visa, MasterCard, American Express, Discover, and JCB. It’s designed to help businesses protect customers’ payment card information. We can help make sure that your business is in compliance with PCI standards using the Sage PCI Compliance Assessment.

The Sage Methodology

Our methodology has two phases. In Phase I, we identify and inventory the computers, devices, and lines (the “target systems”) that process, store, and/or transmit cardholder information. We then diagram and describe each transaction type to determine the scope of Phase II.

In Phase II, we assess the security posture of your target systems and supporting infrastructure against the requirements of the standard to identify gaps in compliance. Our assessment is based on the current PCI Data Security Standard 3.2, which focuses on twelve distinct categories, all of which we address in detail. Once any required remediation steps have been taken, we may assist with the completion of the necessary Self-Assessment Questionnaire (SAQ).

Reports and Recommendations

After we identify and inventory your target systems in Phase I, we will provide:

  • Detailed target system documentation, including location, data type, purpose, and ownership.
  • Information flow diagrams for your target systems.

Once our Phase II assessment is complete, we will provide:

  • An executive summary containing an explanation of the category-level PCI requirement and a synopsis of our findings.
  • A compliance report, which details our findings for each subcategory and associated controls, along with the compliance status for each.

Our compliance report becomes the basis for the PCI Data Security Standard Self-Assessment Questionnaire, a validation tool that addresses the twelve compliance categories and their associated controls. We will incorporate our findings from Phase II into the Self-Assessment Questionnaire as a means of obtaining PCI compliance certification once any necessary remediation steps are completed.
