PCI DSS Compliance Programme
The journey to achieving PCI DSS Compliance involves a number of distinct steps, sometimes requiring significant organisational change in terms of people, processes and technology.
Companies of all sizes can find it a challenge to implement and manage these changes effectively, resulting in a failing PCI DSS Compliance Programme in which compliance is still not achieved after many years of expended time and cost.
Whether you are beginning your compliance journey or require assistance to recover a failing project, our selectable PCI DSS Compliance Programme service provides your organisation with complete support, wherever you are in your journey to achieving PCI DSS Compliance.
Fast Track Your PCI DSS Compliance
Request an initial PCI DSS Compliance Programme consultation.
Our team will meet with key stakeholders and work closely with them to understand where you are in the PCI DSS Compliance cycle, validating previous compliance activities performed within your organisation. We then confirm the scope of services applicable to your organisation and, if appropriate, perform a Scope Assessment and Gap Analysis, building a detailed view of the remediation activities required.
We will then take a broader view of your organisation, outlining the PCI DSS Compliance Strategy and a Roadmap for delivering remediation activities, closely aligned to your broader data protection goals.
With initiatives defined, these then form part of a PCI DSS Programme Business Case, building a foundation to secure adequate funding and sustained executive buy-in.
Following our project management methodology, we then execute the remediation plan using the agreed resources. This typically includes implementation of short-term and strategic actions, such as infrastructure projects to build a compliant CDE (Cardholder Data Environment). Where required, we will perform both product selection and technical design of PCI DSS compliant security solutions.
As part of the project delivery, we deliver all associated PCI DSS compliant policies, processes and procedures, and identify all periodic tasks necessary for your team to maintain continuous compliance throughout the year.
Finally, we establish a PCI DSS Steering Group of key members of your business, which meets regularly to review critical decisions affecting the environment and to manage its ongoing operation.
- Flexible methodology: support at any stage of your PCI DSS Compliance Programme
- Project recovery for distressed and failing PCI projects, to get you back on track for achieving compliance
- A prioritised roadmap for PCI DSS project investments and organisational change initiatives
- Accurate budgeting and cost forecasting, allowing you to focus on securing stakeholder buy-in
- Full resource management and efficient delivery of remediation tasks through delegation of responsibility and authority
- Tracking and management of the PCI DSS Compliance Programme budget, milestones and delivery of remediation activities
- A Continuous Compliance Framework for your team to manage and maintain PCI DSS compliance
- Alignment of PCI DSS with broader data security goals through development of a PCI DSS Compliance Strategy for your organisation
- Enhanced defence against cyber attacks through the use of strategic PCI DSS solutions
Stage 1: Compliance Programme Pre-Assessment (Off-Site)
- Meeting with key staff members and senior stakeholders
- Establish the scope of PCI Compliance Support required
- Validate any existing documentation such as gap analysis, and remediation plans (if applicable)
- Identify required PCI Compliance Services
Stage 2: Scope Assessment and Gap Analysis [1]
- Provide and review the PCI DSS Data Flow Questionnaire and Analysis Document
- Detailed analysis of cardholder data system components
- Review of policies, standards, procedures and processes
- Produce and deliver detailed Data Flow Analysis diagrams, documenting the people, processes and technology for all environments in which cardholder data and sensitive authentication data flow
- Gap analysis of controls against the PCI DSS Requirements
Stage 3: Remediation Planning [1]
- Identify and agree short-term and long-term remediation initiatives
- Produce and deliver PCI Compliance Remediation Strategy
- Produce Remediation Project Plan, with associated high-level cost estimates, delivery timeline and resource requirements
Stage 4: Establish Business Case [1]
- Meeting with key staff members and senior stakeholders
- Deliver business case documentation, including cost estimates and PCI DSS Compliance Roadmap
- Presentation of Business Case and sign-off
Stage 5: Design and Deliver Remediation Solutions [1]
- Review remediation proposals and define security requirements
- Perform strategic evaluation of suitable security solutions
- Creation of Technical Solution Design
- Deployment of the technical solution and delivery into BAU (business as usual)
Stage 6: Deliver PCI DSS Policy and Documentation [1]
- Update or create a set of documentation which is fully compliant with PCI DSS
- Run socialisation workshops to integrate the documentation created
Stage 7: Deliver Continuous Compliance Framework [1]
- Establish the PCI DSS Steering Group
- Establish the Daily, Monthly, Quarterly and Annual Procedures
- Create a process to manage the periodic tasks associated with PCI DSS
[1] Optional activity, dependent on existing work performed within the environment.
- Total: Determined during initial consultation
- Onsite: As above
- Remote: As above
PCI DSS Business Case: Outlines the clear reasoning and business justification for the PCI DSS Compliance Programme, presented to senior stakeholders. This includes detailed initiatives, resource and budget estimates, options and recommendations.
PCI DSS Compliance Strategy: Strategic document aligning PCI DSS with broader data protection and cyber security protection within your business. Includes an assessment of threats to your organisation, a review of existing capabilities, and definition of the strategic to-be state across the 12 PCI DSS Control Areas.
PCI DSS Remediation Roadmap: High-level roadmap outlining all remediation initiatives and estimated implementation timelines.
PCI DSS Security Solution Design(s): Full technical design documentation outlining how the solution will be deployed within your environment.
PCI DSS Steering Group: Internal group consisting of key internal stakeholders, to ensure ongoing management of the company's compliance.
PCI DSS Yearly Compliance Plan: Set of activities required to maintain compliance throughout the year.
Speak with us today to understand how JAW Consulting UK can support your PCI DSS Remediation Programme.