PCI DSS Gap Analysis

Our PCI DSS Gap Analysis is a review of an organisation's Cardholder Data Environment (CDE) against the latest version of the standard. Performed during the early phases of PCI Compliance, it enables an organisation to quickly measure the effort and actions required to reach a compliant state. This is a crucial step for organisations preparing for a PCI DSS Assessment for the first time, or organisations building a PCI Remediation Programme.

Fast Track Your PCI DSS Compliance

Request a free PCI DSS Compliance Program consultation.



Our consultants perform the review through on-site and remote interviews with staff members and a review of documentation. We then provide you with a detailed report documenting your current compliance status and any gaps identified, aligned against the PCI DSS Standard.

Key Benefits

  • Provides you with a snapshot of PCI DSS compliance
  • Identifies areas requiring immediate attention, and cost-effective remediation solutions, in prioritised terms
  • Provides you with awareness of your company's ability to comply with any new release of the standard, such as PCI DSS 3.0
  • Assists with PCI Compliance Programme cost forecasting and budget justification

Our Methodology

Step 1: Pre-Assessment Phase (Off Site)

  • Meeting with key staff members
  • Provide walkthrough of assessment activities, and agree roles

Step 2: PCI Business Process Review Phase

  • Walkthrough of Cardholder Data Environment, and documentation of components
  • Review of policies, standards, procedures and processes

Step 3: PCI Controls Analysis Phase

  • Findings and observations of current security controls
  • Gap analysis of controls against the PCI DSS Requirements

Step 4: Reporting Phase

  • Preparation of PCI Compliance Gap Analysis Report
  • Presentation of findings and strategic recommendations


  • Total: 3-5 days
  • Onsite: 1-3 days
  • Remote: 1-2 days


  • Executive Summary Report: overall statement of compliance and high-level overview
  • PCI DSS 3.2 Controls Analysis: Compliant, Partially Compliant or Non-Compliant status
  • Strategic Remediation Actions: detailed set of recommendations and options for remediation to move toward a fully compliant state

Speak with us today to learn how we can help you measure the gaps, and the steps to take to achieve and maintain PCI DSS Compliance.

Optional Related Services