Qualified Security Assessor (QSA) Services
PCI DSS Gap Analysis Reports
The full PCI DSS standard can appear daunting when it is first examined. Once it has been established that Card Holder Data will need to be stored, processed or transmitted within your environment, some form of Gap Analysis can be conducted.
This service will typically involve a number of days on site, sitting down with the Managers tasked with the PCI DSS project, the key staff involved in Network Administration and Card Holder Systems, and the people responsible for company Procedures and Policies.
The deliverables from this engagement will include a detailed report outlining the following information:
- High level review of the Card Holder Data environment
- Identify all current Card Holder Data processes and storage locations
- Identify the areas where the client is fully compliant
- Identify the areas where configuration or changes will bring about compliance
- Identify the areas where no solutions, processes or policies exist
- Provide recommendations on where to go now
In addition, a full detailed report will be provided in the following formats, which often provide the basis for a working road map moving forwards:
- Fully Completed Self Assessment Questionnaire (SAQ) D
- Fully Completed Prioritised Approach Document
No mention of any specific Vendor solutions is contained within the Gap Analysis report. It is very important that the report relates directly to the PCI DSS and is not used as a platform to push a particular solution.
Of course advice around Technology solutions can be provided if requested; this is covered in more detail in the Remediation/Solution Services section.
- The SAQ forms can be downloaded from here.
- A guide to the Prioritised approach can be downloaded from here.
- The PCI DSS can be found here.
To find out more about PCI DSS Gap Analysis Services from Nettitude, please contact us here.